AUG. 4.2004 5:25PM 



PALO ALTO OFFICE 



NO. 337 P. 13 



Exhibit B 



PAGE 13192 * RCVD AT 8/4/2004 8:16:32 PM [Eastern Daylight Time] * SVR:USPTO-EFXRF-1/1 * DNIS:8729306 * CSID:6508496775 * DURATION (mm-ss):28-08






INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP.
INTERTRUST INFRINGEMENT CHART
FOR U.S. PATENT NO. 5,892,900



155. 



A virtual distribution environment comprising



(a) a first host processing environment 
comprising 



(1) a central processing unit;

(2) main memory operatively connected
to said central processing unit



(3) mass storage operatively connected
to said central processing unit and said
main memory:



(b) said mass storage storing tamper resistant 
software designed to be loaded into said main 
memory and executed by said central 
processing unit, said tamper resistant software 
comprising: 



(1) machine check programming which
derives information from one or more 
aspects of said host processing 
environment 



(2) one or more storage locations 
storing said information: 



(3) integrity programming which



(i) causes said machine check
programming to derive said
information,



(ii) compares said information
to information previously stored
in said one or more storage
locations, and



(iii) generates an indication
based on the result of said
comparison: and



(4) programming which takes one or
more actions based on the state of said
indication:



(i) said one or more actions
including at least temporarily
halting further processing.



Products infringing: Any product using 
Microsoft Product Activation or Reader 
Activation feature.



computer running a Microsoft product 
containing the Product Activation feature, 
including Windows XP, Office XP, Visio
2002, Reader using its activation feature



CPU of computer 



main memory of computer 



hard disk or other mass storage contained in 
computer



Microsoft Product Activation software 



Product Activation software generates 
hardware information relating to the host 
processing environment as part of the 
activation process 



hardware information is stored in the 
computer's storage



each time the Microsoft program starts up after 
initial activation, Product Activation checks 
the originally derived hardware information 
against current hardware 



each time the Microsoft program starts up after 
initial activation, Product Activation checks 
the originally derived hardware information 
against current hardware 



Product Activation software indicates whether 
the test has passed or failed 



Product Activation software will allow system 
startup procedures to continue, if test succeeds,
or discontinue startup and offer user
opportunity to reactivate if the test fails
FOR U.S. PATENT NO. 5,892,900



156. 



Product Infringing: Any product using 
Microsoft Product Activation or Reader 
Activation feature.



A virtual distribution environment comprising 



(a) a first host processing environment 
comprising 



(1) a central processing unit:

(2) main memory operatively connected
to said central processing unit;

(3) mass storage operatively connected
to said central processing unit and said
main memory:



computer running a Microsoft product 
containing the Product Activation feature,
including Windows XP, Office XP, Visio 2002
and Reader



CPU of computer 



main memory of computer



hard disk or other mass storage contained in 
computer 



(b) said mass storage storing tamper resistant 
software designed to be loaded into said 
main memory and executed by said central 
processing unit, said tamper resistant 
software comprising: 



Microsoft Product Activation software 



(1) machine check programming which 
derives information from one or more 
aspects of said host processing 
environment,



Product Activation software generates 
hardware information relating to the host 
processing environment as part of the 
activation process 



(2) one or more storage locations 
storing said information: 



(3) integrity programming which



hardware information is stored in the
computer's storage



(i) causes said machine check 
programming to derive said 
information, 



each time the Microsoft program starts up after
initial activation, Product Activation checks
the originally derived hardware information
against current hardware.



(ii) compares said information
to information previously stored
in said one or more storage
locations, and



each time the Microsoft program starts up after
initial activation, Product Activation checks
the originally derived hardware information 
against current hardware 



(iii) generates an indication 
based on the result of said 
comparison: and 



Product Activation software indicates whether 
the test has passed or failed 



(4) programming which takes one or 
more actions based on the state of said 
indication:



(i) said one or more actions 
including at least temporarily 
disabling certain functions. 



Product Activation may disable the underlying 
software from generating new files or running 
user applications if the test fails 



FOR U.S. PATENT NO. 5,892,900



157.



A virtual distribution environment comprising 



(a) a first host processing environment 
comprising 



(1) a central processing unit:



(2) main memory operatively connected
to said central processing unit;



(3) mass storage operatively connected
to said central processing unit and said
main memory:



(b) said mass storage storing tamper resistant 
software designed to be loaded into said 
main memory and executed by said central
processing unit, said tamper resistant
software comprising



(1) machine check programming which
derives information from one or more 
aspects of said host processing 
environment, 



(2) one or more storage locations 
storing said information:



(3) integrity programming which



(i) causes said machine check
programming to derive said 
information, 



(ii) compares said information 
to information previously stored 
in said one or more storage 
locations, and



(iii) generates an indication
based on the result of said
comparison; and



(4) programming which takes one or
more actions based on the state of said
indication:



(i) said one or more actions
including displaying a message
to the user.



Product Infringing: Any product using 
Microsoft Product Activation or Reader 
Activation feature.



computer running a Microsoft product 
containing the Product Activation feature, 
including Windows XP, Office XP, Visio 2002
and Reader



CPU of computer 



main memory of computer 



hard disk or other mass storage contained in 
computer 



Microsoft Product Activation software 



Product Activation software generates hash 
information relating to the host processing 
environment as part of the activation process 



hardware information is stored in the 
computer's storage



each time the Microsoft program starts up after 
initial activation, Product Activation checks 
the originally derived hardware information 
against current hardware 



each time the Microsoft program starts up after 
initial activation, Product Activation checks
the originally derived hardware information 
against current hardware 



Product Activation software indicates whether
the test has passed or failed 



Product Activation software displays a 
message to the user if the test fails 



156.



Products infringing: Windows Media Player 



A virtual distribution environment comprising 



a first host processing environment comprising 



WMP with Individualized DRM client
(referred to hereafter as the "Individualized
WMP") running on a client computer



a central processing unit



Client CPU



main memory operatively connected to said
central processing unit



Client memory



mass storage operatively connected to said
central processing unit and said main memory



Local disk drive 



said mass storage storing tamper resistant 
software designed to be loaded into said main 
memory and executed by said central
processing unit, said tamper resistant software
comprising:



Individualized WMP (I-WMP) stored on disk
and loaded into main memory upon execution.
I-WMP is tamper resistant.



machine check programming which derives
information from one or more aspects of said
host processing environment,



one or more storage locations storing said
information



Individualization module is generated by the 
MS individualization service either when the 
un-individualized WMP tries to open licensed
content that requires a security upgrade (aka,
Individualization) or when the user requests an
upgrade un-provoked. The individualization
module is unique and signed and is bound to a 
unique hardware ID using the MS machine 
activation process. 



The aforementioned unique features are located
in multiple places or storage locations 



integrity programming which



causes said machine check programming to
derive said information,



The ID is regenerated by WMP/DRM client
when first loading the Individualized DRM
Client to access a piece of content requiring the
security upgrade.



compares said information to information
previously stored in said one or more storage
locations, and



The program checks the new copy against the
one to which the Individualized DRM client is
bound.



generates an indication based on the result of
said comparison: and



Program stores the result of this check.



programming which takes one or more actions
based on the state of said indication



If these are not equal, the user is notified via a
message stating that he/she must acquire a
security upgrade (that is, the current security
upgrade is invalid). If they are equal then
processing of songs requiring Individualization
continues.



said one or more actions including at least
temporarily disabling certain functions.



Songs targeted to this Individualization module
cannot be accessed until the upgrade is correct.
157. A virtual distribution environment
comprising


Infringing products include: Windows Media
Player


a first host processing environment comprising


See 156


a central processing unit


See 156


main memory operatively connected to said
central processing unit


See 156


mass storage operatively connected to said
central processing unit and said main memory


See 156


said mass storage storing tamper resistant
software designed to be loaded into said main
memory and executed by said central
processing unit, said tamper resistant software
comprising:


See 156


machine check programming which derives
information from one or more aspects of said
host processing environment.


See 156


one or more storage locations storing said
information


See 156


integrity programming which causes said
machine check programming to derive said
information, compares said information to
information previously stored in said one or
more storage locations, and


See 156


generates an indication based on the result of
said comparison: and


See 156 


programming which takes one or more actions 
based on the state of said indication 


See 156 


said one or more actions including displaying a 
message to the user. 


If these are not equal, the user is notified via a 
message stating that he/she must acquire a 
security upgrade (that is, the current security 
upgrade is invalid).
INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP.

INTERTRUST INFRINGEMENT CHART 

FOR U.S. PATENT NO. 5,892,900 



157. 



A virtual distribution environment comprising
(a) a first host processing environment 
comprising 



Infringing Product: Microsoft's Windows File 
Protection and System File Checker features, 
embodied in Microsoft's Windows 2000, 
Windows XP products, and Server 2003



computer running Microsoft Windows 2000 or
Windows XP.



(1) a central processing unit;



CPU of computer.



(2) main memory operatively connected
to said central processing unit;



main memory of computer



(3) mass storage operatively connected 
to said central processing unit and said 
main memory: 



hard disk or other mass storage contained in
computer



(b) said mass storage storing tamper resistant
software designed to be loaded into said
main memory and executed by said central
processing unit, said tamper resistant 
software comprising: 



(1) machine check programming which 
derives information from one or more 
aspects of said host processing 
environment, 



Windows File Protection process/service
("WFP") and System File Checker (SFC.exe)
features of winlogon.exe. Winlogon.exe is
treated as a "critical" service by the Windows
operating system. Files supporting WFP
(including winlogon.exe, sfc.exe, sfc.dll (2000
only), sfcfiles.dll (2000 only) and sfc_os.dll
(XP only)) are "protected" files and are signed
using a signature verified by a hidden key. In
Windows 2000, WFP uses hidden functions
within the sfc.dll library. Functions are
imported by "ordinal" instead of "name."



Winlogon either directly or using another dll 
(XP) or using SFC.dll (2000) determines if 
changed file was protected, computes the hash 
of protected files and, if necessary, computes 
the hash of the file in the dll cache before using 
it to replace a file overwritten by an incorrect 
version of the file. 



(2) one or more storage locations 
storing said information;



(3) integrity programming which



hardware information is stored in the 
computer's memory 



(i) causes said machine check 
programming to derive said 
information, 



Windows notifies Winlogon when there has 
been a system directory change or a change in 
the dll cache. 



(ii) compares said information 
to information previously stored 
in said one or more storage
locations, and 



Winlogon either directly or using another dll 
(XP) or using SFC.dll (2000) compares
computed hash with hash in the hash database
created from the Catalog file(s), and, if there is
a difference, compares the hash of the file in
the dll cache to the hash database created from
the Catalog file(s) before using it to replace an
overwritten file. 



(iii) generates an indication
based on the result of said 
comparison: and 



An event is written to the Event Viewer if 
hashes do not agree. 



(4) programming which takes one or 
more actions based on the state of said
indication;



Depending on the circumstances, WFP
displays several messages to the user,
including prompting the user to contact the
system administrator, and to insert a CD-ROM



(i) said one or more actions
including displaying a message
to the user.



See above. Messages also constitute viewable 
Event Property pop-ups.
Product Infringing: XBox



A process comprising the following steps: 



The process constitutes assembly and use 
of components making up an XBox game.



accessing a first record containing 
information directly or indirectly 
identifying one or more elements of a first 
component assembly, 



The first record consists of the second file 
table on an XBox DVD. This table
identifies the .xbe file which includes the
game information.



at least one of said elements including at 
least some executable programming, 



The xbe file includes executable 
programming. 



at least one of said elements constituting a 
load module,



The xbe file is a load module.



said load module including executable
programming and a header,



The xbe file includes a header. 



at least a portion of said header is a public 
portion which is characterized by a 
relatively lower level of security 
protection: and



Most information in the xbe header is not
obfuscated.



at least a portion of said header is a private
portion which is characterized, at least
some of the time, by a level of security
protection which is relatively higher than
said relatively lower level of security
protection,



The entry point address and the kernel
image thunk address listed in the xbe
header are obfuscated and therefore at a
higher level of security protection.



using said information to identify and
locate said one or more elements;



The second file table identifies the .xbe
file, including where that file is located.



accessing said located one or more
elements:



The .xbe file is accessed by the XBox.



securely assembling said one or more
elements to form at least a portion of said
first component assembly;



At runtime, the .xbe file is assembled with 
certain services of the operating system to
form a component assembly. Security
associated with this assembling process 
includes verifying signatures associated 
with portions of the .xbe file, and replacing 
obfuscated calls to operating system 
services with actual addresses. 

The assembly may also include patch files 
downloaded from a remote server. 



executing at least some of said executable



Game play requires execution of the
programming:



checking said record for validity prior to 
performing said executing step. 



assembled programming. 



The second file table is protected by a
digital signature, and is not loaded/used
unless the digital signature is verified
against the file.



7. A process as in claim 6 in which:



said relatively lower level of security 
protection comprises storing said public 
header portion in an unencrypted state; and 



The header is protected by the techniques 
protecting the xbe such as signing and 
security descriptors, but it is not encrypted 
except as noted below.



said relatively higher level of security 
protection comprises storing said private 
header portion in an encrypted state. 



The entry point address and the kernel
image thunk address listed in the xbe
header are obfuscated. The Xbox SDK's
(XDK) image build uses a key value shared
with the retail XBox to perform two XOR
operations against the addresses






INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP.

INTERTRUST INFRINGEMENT CHART

FOR U.S. PATENT NO. 5,917,912



8. 



A process comprising the following steps:



(a) accessing a first record containing 
information directly or indirectly identifying 
one or more elements of a first component 
assembly, 



Infringing products: Microsoft CLR or CCLR
and .NET Framework SDK and products that
include one or both of these.



The first record is either an assembly manifest,
or a whole assembly; the elements are other
assemblies that are referenced as external in
the first record; the first component assembly
is a .NET application domain.



(1) at least one of said elements
including at least some executable
programming,



Assembly contains executable programming. 



(2) at least one of said elements 
constituting a load module. 



(i) said load module including
executable programming and a
header,



This is an external assembly referenced in the
first record.



Assemblies include executable programming,
and the assembly manifest and CLS type
metadata constitute a header.



(ii) said header including an
execution space identifier
identifying at least one aspect of
an execution space required for
use and/or execution of the load
module associated with said
header,



This feature is provided for in the .NET
architecture through numerous mechanisms,
for example, by demands for ZoneID
permissions.



(iii) said execution space
identifier provides the capability
for distinguishing between
execution spaces providing a
higher level of security and
execution spaces providing a
lower level of security;



SecurityZone or other evidence provides this
capability.



(b) using said information to identify and
locate said one or more elements; 



Manifest and type metadata information 
section is used to identify and locate files, code
elements, resource elements, individual classes
and methods. 



(c) accessing said located one or more 
elements; 



Step carried out by the CLR or CCLR loader. 



(d) securely assembling said one or more 
elements to form at least a portion of said first 
component assembly; 



(e) executing at least some of said executable 
programming: and



CLR or CCLR carries out this step, including 
checking the integrity of the load module, 
checking the load module's permissions, 
placing the load module contents into an 
application domain, isolating it from malicious 
or badly behaved code, and from code that 
does not have the permission to call it.



Step carried out by the CLR/CCLR and the
CLR/CCLR host.
checking said record for validity prior to
performing said executing step.
A process as in claim 8 in which said
execution space providing a higher level of
security comprises a secure processing
environment



A process as in claim 8 further comprising:
comparing said execution space identifier
against information identifying the execution
space in which said executing step is to occur,
and



taking an action if said execution space
identifier requires an execution space with a
security level higher than that of the execution
space in which said executing step is to occur.



The CLR/CCLR checks the authenticity and
the integrity of the first .NET assembly.

The CLR/CCLR constitutes a secure
processing environment



In one example, the
ZoneIdentityPermissionAttribute SecurityZone
value demanded by control in the assembly
manifest is compared against the SecurityZone
attribute value corresponding to the calling
method



CLR/CCLR will throw an exception and
transfer control to an exception handler in the
calling routine, or it will shut down the
application if there is no such exception
handler, if the permissions do not include the
permissions required by the
ZoneIdentityPermissionAttribute. The
ZoneIdentityPermissions are hierarchical,
unless customized.



A process as in claim 13 in which said
action includes terminating said process prior
to said executing step.



CLR/CCLR may terminate the process or 
transfer control to an exception handler that 
may itself terminate the process. 



A process comprising the following steps:



Products infringing include Windows Installer
SDK, and products that include the Windows
Installer technology.



Scenario 1: use of Windows Installer packages
(i.e. .MSI files) to create Windows Installer-
enabled applications, such as Office 2000 and
use of the WI service to install them.
Scenario 2: software distribution technologies
that use the Windows Installer OS service for
installation, such as Internet Component
Download and products like Office Web
Components.

Either scenario can be used by SMS,
IntelliMirror and third party tools like
InstallShield and WISE.

NT or later operating systems (because they
use the subsystem identifier)

using cabinet files, .CAB, (because they have a
manifest and INF and/or OSD files), and

have been signed with a digital signature and
will be authenticated by Authenticode or
WinVerifyTrust API and

contain at least one PE (portable executables)



(a) accessing a first record containing
information directly or indirectly identifying
one or more elements of a first component
assembly,



(1) at least one of said elements
including at least some executable
programming,



Scenario 1: First record is the .MSI file that
contains information on what goes in the
assembly and how to install the assembly.

Scenario 2: 



A. First record is the cabinet manifest
(indirect instructions) 

B. Or, First record can be INF and/or OSD 
files (direct instructions) 



(2) at least one of said elements 
constituting a load module. 



Both scenarios: The PE (portable executable) 
in the cabinet file is the executable 
programming. 



Both scenarios: PE is a load module: 



(i) said load module including 
executable programming and a



Both scenarios: The PE has several headers.
header;




(ii) said header including an
execution space identifier
identifying at least one aspect of
an execution space required for
use and/or execution of the load
module associated with said
header;


Both scenarios: SUBSYSTEM is a field in the
PE Optional Header that is an execution space.


(iii) said execution space 
identifier provides the capability 
for distinguishing between 
execution spaces providing a 
higher level of security and 
execution spaces providing a 
lower level of security;


Both scenarios: SUBSYSTEM distinguishes
between programs that can run in kernel mode
and those that can run in user mode. This is a
key security concept of process separation that
was introduced with Windows NT.

The Subsystem field in the PE header is used
by the system to indicate whether the
executable will run within Ring 3 (user mode)
or use Ring 0 (native or kernel mode). 
Anything running in Ring 3 is limited to its 
own processing space. Executables running in 
Ring 0 can reach out to other spaces and have 
security measure built around them. 


(b) using said information to identify and 
locate said one or more elements; 


Scenario 1: the MSI file identifies and locates 
the elements 

Scenario 2: 

.CAB manifest is used to identify Physical 
location 

OSD and/or INF is used to identify Logical 
location 


(c) accessing said located one or more 
elements; 


Scenario 1 : Using the MSI file 

Scenario 2: Using INF and/or OSD in cabinet 
file. 


(d) securely assembling said one or more 
elements to form at least a portion of said first
component assembly;


Both scenarios: Using the Windows Installer
OS service with various properties and flags on
the settings for higher protection.
Windows Installer has numerous flags that the
developer can set to indicate how the assembly
will be installed, at what privilege level, with
how much user interface, and how much ability
the User has to watch or change what is
occurring. These controls have been
strengthened with each release of Windows
Installer. Windows Installer 1.1 and later has
the ability to limit the user's capabilities during
the installation in a Windows 2000
environment and later, using the Group Policy-
based Change and Configuration Management,
the administrator has the most control.

Fields that can be set by the developer or 
administrator to control what users can do 
include the following: 

TransformsSecure can be set to a value of 1
to inform the installer that transforms are to be
cached locally on the user's computer in a
location the user does not have write access.
(Transforms create custom installations from a
basic generic installation, for example to make
the Finance versions different from the
Marketing version or English versions different
from Japanese versions.)

AllowLockdownBrowse and DisableBrowse
can prevent users from browsing to the
sources.

SourceList can be used to specify the only
allowable source to be used for the installation
of a given component.

Environment can be used to specify whether
the installation can be done while the user is
logged on or only when no user is logged on.

Security Summary Property conveys whether
a package can be opened as read-only or with
no restriction.

Privileged Property is used by developers of
installer packages to make the installation
conditional upon system policy, the user being
an administrator, or assignment by an
administrator.

Restricted Public Properties can be set as 
variables for an installation. "For managed
installations, the package author may need to
limit which public properties are passed to the
server side and can be changed by a user that is
not a system administrator. Some are
commonly necessary to maintain a secure
environment when the installation requires the
installer use elevated privileges."
SecureCustomProperties can be created by the
author of an installation package to add
controls beyond the default list.

MsiSetInternalUI specifies the level of user
interface from none to full.

A Sequence Table can be used to specify the
required order of execution for the installation
process. There are three modes, one of which is
the Administrative Installation that is used by
the network administrator to assign and install
applications.

InstallServices Action registers a service for
the system and it can only be used if the user is
an administrator or has elevated privileges with
permission to install services or that the
application is part of a managed installation.
DisableMedia system policy disables media
sources and disables browsing to media
sources. It can be used with DisableBrowse to
secure installations version 1.1 that doesn't
have some of the other capabilities.
AlwaysInstallElevated can be set per user or
per machine and is used to install managed
applications with elevated privileges.
AllowLockdownBrowse,
AllowLockdownMedia and
AllowLockdownPatch set these capabilities so
they can only be performed by an administrator
during an elevated installation.



(e) executing at least some of said executable
programming; and



(f) checking said record for validity prior to
performing said executing step.




Windows XP Professional and .NET have the 
additional capability to set Software Restriction 
Policies and have these used by Windows 
Installer. 

In addition, most of the software distribution 
technologies that use Windows Installer also 
add a layer of their own controls. For example, 
SMS 2.0 enables the administrators to control
whether the installation is optional or required and
whether the user can affect the installation 
contents/features at all. 



Both scenarios: Part of executable is called 
during installation in order to do self- 
registration or perform custom actions. The 
overall executable is used at runtime.



Scenario 1 : Sign the overall package and the 
cabinet files. 

Scenario 2: The cabinet file is signed. 

For IE with the default security level or higher, 
the digital signature is verified by
Authenticode or a similar utility before the
component is allowed to be assembled.
A process comprising the following steps:



(a) at a first processing environment receiving
a first record from a second processing
environment remote from said first processing



(1) said first record being received in a

(2) said first record containing
identification information directly or
indirectly identifying one or more
elements of a first component
assembly:



(i) at least one of said elements
including at least some
executable programming;



(ii) said component assembly
allowing access to or use of

specified information:

(3) said secure container also including
a first of said elements:



(b) accessing said first record 



Products infringing include all products that
host the Microsoft .NET Common Language
Runtime or Compact Common Language
Runtime.



Computer running the Microsoft CLR/CCLR
receives, for example, a shared assembly
header or a complete shared assembly from
another computer, for example a server.



The shared assembly is cryptographically
hashed and signed.

The first record is either an assembly manifest,
or a whole assembly; the elements are other
assemblies that are referenced as external in
the first record; the first component assembly
is a .NET application domain.



Assembly contains executable programming.



The specified information can include any kind
of data file, stream, log, environment variables,
etc.

The shared assembly includes at least some
executable programming.



(c) using said identification information to 
identify and locate said one or more elements; 



(1) said locating step including locating
a second of said elements at a third
processing environment located
remotely from said first processing
environment and said second
processing environment;



(d) accessing said located one or more
elements:



(1) said element accessing step
including retrieving said second
element from said third processing
environment:



CLR/CCLR accesses the assembly or
assembly header.



Manifest and type metadata information 
section is used to identify and locate files, code 
elements, resource elements, individual classes 
and methods.



Met by a multifile assembly, with files
distributed across a network, or by the second
element constituting another referenced
assembly located elsewhere; the CLR/CCLR
uses probing to locate and access the file.



Step carried out by the CLR/CCLR loader. 



Step carried out by the CLR/CCLR loader.



(e) securely assembling said one or more
elements to form at least a portion of said first
component assembly specified by said first
record; and



CLR/CCLR carries out this step, including
checking the integrity of the load module,
checking the load module's permissions,
placing the load module contents into an
application domain, isolating it from malicious
or badly behaved code, and from code that
does not have the permission to call it.



(f) executing at least some of said executable
programming



Step carried out by the CLR/CCLR.



(1) said executing step taking place at 
said first processing environment 



CLR/CCLR is operating in the first processing
environment specified above.



A descriptive data structure embodied on a
computer-readable medium or other logic
device including the following elements:



a representation of the format of data
contained in a first rights management data
structure



Product Infringing: Microsoft Operating
Systems that support device driver
signature technology.



The driver package's INF is a data
structure: The INF contains multiple types
of sections, structured as hierarchy
"branches," that the Windows operating
system or its Plug and Play and/or Set-up
installation services "branch" through
based on the operating system information
and device for which a driver is to be
installed. The installation services use the
"branching" structure (format) to determine
what files should be installed. The INF
further provides disk location information
and file directory path information for the
files identified as necessary as a result of
the "branching" process.

The driver package is a "rights
management" data structure based on the
fact that it is governed and based on the
fact that it processes governed information.

Rights Management as Governed Item



A driver manufacturer can include rules
governing the driver's installation and/or
use in the driver's INF file. For example:

Security entries specify an access control
list for the driver.

Driver developers can specify rules that
determine behavior of the driver package
based on the user's operating system
version, including product type and suite
and the device for which the driver is to be
installed.

Rules specifying logging

Local administrators can establish policy as
to what action or notification should occur
in the event that a driver being installed is
not signed.



said representation including:



element information contained within
said first rights management data
structure; and



The operating system installation services
have a ranking criteria it follows when
multiple drivers are available for a newly
detected device. The criterion is used to
determine the driver best suited for
ensuring compatibility with the operating
system and ensuring functionality of the
device.

Drivers have been certified to be
compatible with specified operating system
versions for their respective device classes.
The catalog file protects the integrity of the
driver.

Microsoft distributes the Driver Protection
List to prevent known bad drivers from
being installed.

Processing Rights Managed Items



Certain drivers (SAP) have been explicitly
certified to protect DRM content.

MSDN - DRM Overview



A DRM-compliant driver must prevent
unauthorized copying while digital content
is being played. In addition, the driver must
disable all digital outputs that can transmit
the content over a standard interface (such
as S/PDIF) through which the decrypted
content can be captured.



The elements of a driver package include:
A driver that is typically a dynamic-link
library with the .sys filename extension.
An INF file containing information that the
system Setup components use to install
support for the device.
A driver catalog file containing the digital
signature.

One or more optional co-installers which
are a Win32® DLL that assists in device
installation on NT-based operating systems.
Other files, such as a device installation
application, a device icon, and so forth.

XP DDK - INF Version Section

The LayoutFile entry specifies one or more
additional system-supplied INF files that
contain layout information on the source
media required for installing the software
described in this INF. All system-supplied
INF files specify this entry.

The CatalogFile entry specifies a catalog
(.cat) file to be included on the distribution
media of a device/driver.



organization information regarding
the organization of said elements
within said first rights management
data structure; and



Within an INF is a hierarchy with the top
being a list of manufacturers, and sublists
of models and at the bottom a list of install
information by model.

For Windows XP and later versions of
NT-based operating systems, entries in the
Manufacturer section can be decorated to
specify operating system versions. The
specified versions indicate OS versions
with which the specified INF Models
sections will be used. If no versions are
specified, Setup uses the specified Models
section for all versions of all operating
systems.

INF's SourceDisksNames and
SourceDisksFiles sections specify
organization information.

XP DDK - Source Media for INFs
The methods you should use to specify
source media for device files depend on
whether your INFs ship separately from the
operating system or are included with the
operating system.
INFs for drivers that are delivered
separately from the operating system
specify where the files are located using
SourceDisksNames and SourceDisksFiles
sections.

If the files to support the device are
included with the operating system, the
INF must specify a LayoutFile entry in the
Version section of the file. Such an entry
specifies where the files reside on the
operating system media. An INF that
specifies a LayoutFile entry must not
include SourceDisksNames and
SourceDisksFiles sections.
XP DDK - INF SourceDisksNames Section

A SourceDisksNames section identifies
the distribution disks or CD-ROM discs
that contain the source files to be
transferred to the target machine during
installation. Relevant values of an entry in
the INF include:

diskid - Specifies a source disk.

disk-description - Describes the contents
and/or purpose of the disk identified by
diskid.

tag-or-cab-file - This optional value
specifies the name of a tag file or cabinet file
supplied on the distribution disk, either in
the installation root or in the subdirectory
specified by path, if any.

path - This optional value specifies the
path to the directory on the distribution
disk containing source files. The path is
relative to the installation root and is
expressed as \dirname1\dirname2... and so
forth.

flags - For Windows XP and later, setting
this to 0x10 forces Setup to use
cab-or-tag-file as a cabinet file name, and to
use tag-file as a tag file name. Otherwise,
flags is for internal use only.

tag-file - For Windows XP and later, if
flags is set to 0x10, this optional value
specifies the name of a tag file supplied on
the distribution medium, either in the
installation root or in the subdirectory
specified by path. The value should specify
the file name and extension without path
information.

XP DDK - INF SourceDisksFiles Section
A SourceDisksFiles section names the
source files used during installation,
identifies the source disks (or CD-ROM
discs) that contain those files, and provides
the path to the subdirectories, if any, on the
distribution disks containing individual
files. Relevant values in an entry in the
INF would include:

filename - Specifies the name of the file on
the source disk.

diskid - Specifies the integer identifying
the source disk that contains the file. This
value and the initial path to the
subdirectory(ies), if any, containing the
named file must be defined in a
SourceDisksNames section of the same
INF.

subdir - This optional value specifies the
subdirectory (relative to the
SourceDisksNames path specification, if
any) on the source disk where the named
file resides.



information relating to metadata, said 
metadata including: 



metadata rules used at least in part to
govern at least one aspect of use and/or
display of content stored within a rights
management data structure.



The driver manufacturer can specify rules in
the INF that govern the installation and/or
use of the driver. For example, security
entries specify an access control list for the
driver. Driver developers can specify rules
in an INF file that determine behavior of
the driver package based on the user's
operating system version, including
product type and suite. Also, rules related
to logging can be specified as mentioned in
next claim element.

For Example - Access Control List
Rules

XP DDK - Tightening File-Open
Security in a Device INF File
For Microsoft Windows 2000 and later,
Microsoft tightened file-open security in
the class installer INFs for certain device
classes, including CDROM, DiskDrive,
FDC, FloppyDisk, HDC, and
SCSIAdapter.

If you are unsure whether the class installer
for your device has tightened security on
file opens, you should tighten security by
using the device's INF file to assign a value
to the DeviceCharacteristics value name
in the registry. Do this within an
add-registry-section, which is specified using
the INF AddReg directive.

XP DDK - INF AddReg Directive

An INF can also contain one or more
optional add-registry-section-security
sections, each specifying a security
descriptor that will be applied to all registry
values described within a named
add-registry-section.

A Security entry specifies a security
descriptor for the device. The
security-descriptor-string is a string with tokens to
indicate the DACL (D:) security
component. A class-installer INF can
specify a security descriptor for a device
class. A device INF can specify a security
descriptor for an individual device,
overriding the security for the class. If the
class and/or device INF specifies a
security-descriptor-string, the PnP
Manager propagates the descriptor to all
the device objects for a device, including
the FDO, filter DOs, and the PDO.

For Example - Operating System 
Versioning 

Operating-System Versioning for Drivers
under Windows XP

Setup selects the [Models] section to use
based on the following rules:

If the INF contains [Models] sections for
several major or minor operating system
version numbers, Setup uses the section
with the highest version numbers that are
not higher than the operating system
version on which the installation is taking
place.

If the INF [Models] sections that match the
operating system version also include
product-type decorations, product suite
decorations, or both, then Setup selects the
section that most closely matches the
running operating system.



said metadata rules including at least
one rule specifying that information
relating to at least one use or display of
said content be recorded and/or
reported.



The AddService directive can set up
event-logging services for drivers.
INF AddService Directive
An AddService directive is used to control
how (and when) the services of particular
Windows 2000 or later device's drivers are
loaded, any dependencies on other
underlying legacy drivers or services, and
so forth. Optionally, this directive sets up
event-logging services by the
devices/drivers as well.
Relevant sections of the directive's entry
include:

event-log-install-section - Optionally
references an INF-writer-defined section in
which event-logging services for this
device (or devices) are set up.

EventLogType - Optionally specifies one
of System, Security, or Application. If
omitted, this defaults to System, which is
almost always the appropriate value for the
installation of device drivers. For example,
an INF would specify Security only if the
to-be-installed driver provides its own
security support.

EventName - Optionally specifies a name
to use for the event log. If omitted, this
defaults to the given ServiceName.



35. A descriptive data structure as in claim
34, in which:



said first rights management data structure
comprises a first secure container.



The driver package is secured through a
catalog file that is signed by Microsoft's
Windows Hardware Quality Lab and

package. The INF identifies the catalog
used to sign the driver package.


36. A descriptive data structure as in claim
35, in which:



said first secure container comprises:


The first secure container is the driver
package secured by a catalog file.


content; and


The content is the driver and related files
within the signed driver package.


rules at least in part governing at least
one use of said content


The rules are within the INF, which is part
of the signed driver package.


37. A descriptive data structure as in claim
36, wherein the descriptive data structure is
stored in said first secure container.


The INF is stored within the signed driver
package.


44. A descriptive data structure as in claim
34, further including:



a representation of the format of data
contained in a second rights management
data structure,


The manufacturer and models sections in
the INF Version section are provided for
the possibility of a single INF representing
the format for multiple drivers.

Operating system version "decorating"
relating the architecture, major and minor
operating system versions, product and
suite information all relate to the target
environment and is used to identify the
files necessary for the target environment.

An INF file, such as in the case of
operating system targeting, can be used for
more than one driver package since it can
contain more than one catalog file.

Further an INF can address the drivers
necessary for a multi-functional device.


said second rights management data
structure differing in at least one respect
from said first rights management data
structure.


The files of the second data structure would
vary from the files on the first data
structure.




45. A descriptive data structure as in claim
44, in which:



said information regarding elements
contained within said first rights
management data structure includes
information relating to the location of at
least one such element.


INFs specify where the driver files are
located using the SourceDisksNames and
SourceDisksFiles sections.



46. A descriptive data structure as in claim
44, further including:



a first target data block including
information relating to a first target
environment in which the descriptive data
structure may be used.


Operating system version "decorating"
relating the architecture, major and minor
operating system versions, product and
suite information all relate to the first target
environment.



47. A descriptive data structure as in claim
46, further including:



a second target data block including
information relating to a second target
environment in which the descriptive data
structure may be used.



Operating system version decorating will
cover multiple operating systems.



said second target environment differing in
at least one respect from said first target
environment.



This is the reason for version decorating.



48. A descriptive data structure as in claim
46, further including:



a source message field containing
information at least in part identifying the
source for the descriptive data structure.


The provider entry in the version section of
the INF identifies the provider of the INF
file. Also, the INF contains a manufacturer
section.






INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP.

INTERTRUST INFRINGEMENT CHART

FOR U.S. PATENT NO. 5,920,861



58. 



A method of creating a first secure
container, said method including the
following steps:



(a) accessing a descriptive data structure,
said descriptive data structure
including or addressing



Product Infringing: Microsoft Reader SDK
and Microsoft Digital Asset Server.
Method is carried out by Microsoft's
Digital Asset Server and Microsoft's
Litgen tools



.opf file describing the file structure of a
protected e-book including metadata,
manifest and "spine" information

(1) organization information at least 
in part describing a required or 
desired organization of a content 
section of said first secure 
container, and 



Organization information regarding 
organization of the ebook and the 
inscription as specified in the manifest and 
spine information in the .opf file 



(2) metadata information at least in
part specifying at least one step
required or desired in creation of
said first secure container;



Metadata constitutes rules specifying the
degree of security to use and/or XrML
rules



(b) using said descriptive data structure to
organize said first secure container
contents



e-book packaging carried out by Microsoft 
Litgen tool 



(c) using said metadata information to at
least in part determine specific 
information required to be included in 
said first secure container contents; 
and 



Step performed by Digital Asset Server;
example of specific information is
owner/purchaser information required in
the inscription process



(d) generating or identifying at least one
rule designed to control at least one
aspect of access to or use of at least a
portion of said first secure container
contents.



Analyzing the metadata and finally
packaging the e-book using a particular
security level specified through the
metadata



71. A method as in claim 58, in which:



(a) said specific information required to
be included includes information at
least in part identifying at least one
owner or creator of at least a portion of
said first secure container contents.



Owner purchaser information required in
the inscription process; XrML rule
requiring display of copyright notice



A method of creating a first secure
container, said method including the
following steps:



Product Infringing: All products that host
the Microsoft Common Language Runtime
or Compact Common Language Runtime.



Method is practiced by a user using the
Common Language Runtime (CLR) or
Compact Common Language Runtime
(CCLR) to create a dynamic shared
assembly or .NET Framework SDK to
create a shared assembly.



(a) accessing a descriptive data structure,
said descriptive data structure
including or addressing



.NET Framework Assembly class and/or
AssemblyBuilder class and/or
AssemblyInfo file



(1) organization information at least
in part describing a required or
desired organization of a content
section of said first secure
container, and



This information is specified in the classes
named above and in the AssemblyInfo file.



(2) metadata information at least in
part specifying at least one step
required or desired in creation of
said first secure container;



This information is addressed in the classes
and the AssemblyInfo file, e.g., for a shared
assembly metadata will be specified that
the assembly is to be signed using specified
key.



(b) using said descriptive data structure to
organize said first secure container
contents;



This step is carried out by applications and
tools using the classes and assembly info
file, including CLR (or CCLR) and .NET
Framework SDK



(c) using said metadata information to at
least in part determine specific
information required to be included in
said first secure container contents;
and



This step is carried out by applications and
tools using the assembly info file and
classes that specify the metadata required
in the target assembly.



(d) generating or identifying at least one
rule designed to control at least one
aspect of access to or use of at least a
portion of said first secure container
contents.



User may specify rules, as specified in the
.NET Framework SDK, to be placed in the
assembly manifest including such rules
requiring that all code be managed (CLR or
CCLR compliant), "Code Access Security"
permissions be supplied for use of code
supplied in the assembly, etc.



64. A method as in claim [illegible], in which:
(a) said creation of said first secure
container occurs at a first data
processing arrangement located at a
first site;



Can be a server, PC or workstation running
CLR (or CCLR) to create a dynamic shared
assembly or .NET Framework SDK to
create a shared assembly.



(b) said first data processing arrangement
including a communications port; and



Included in virtually any computer



(c) said method further includes:

(1) prior to said step of accessing said
descriptive data structure, said
first data processing arrangement
receiving said descriptive data
structure from a second data
processing arrangement located at
a second site.



Download of the assemblyinfo file and/or a
file containing a class calling the
DefineDynamicAssembly methods or
download of SDK containing
assemblybuilder class from a second site



(d) said receipt occurring through said first
data processing arrangement
communications port.



Communications port is normally used for
downloading



A method as in claim 64, further
comprising:

said first processing site receiving said
metadata through said communications
port



Download of the AssemblyInfo file and/or
a file containing a class calling the
DefineDynamicAssembly methods or
download of SDK containing
assemblybuilder class from a second site.



68. A method as in claim 67, in which:
(a) said metadata is received separately
from said descriptive data structure.



Method practiced when metadata names are
addressed by the assembly class and a
template for the AssemblyInfo file, and
values corresponding to those names are
received through a user interface such as
provided by Microsoft Visual Studio or are
provided from a separate file



71. A method as in claim 58, in which:

(a) said specific information required to
be included includes information at
least in part identifying at least one
owner or creator of at least a portion of
said first secure container contents.



The Assembly class definition includes
attributes for company name and trademark
information, and these may be required
attributes specified in the AssemblyInfo file



72. A method as in claim 58, in which:
(a) said specific information required to
be included includes a copyright
notice.


The Assembly class definition includes an
attribute for copyright field that may be
required by the AssemblyInfo file



A method of creating a first secure
container, said method including the
following steps:



Product Infringing: Microsoft .NET
Framework, Visual Studio .NET, and tools
that include the Assembly Generator tool
AL.exe.



The Assembly Generation tool generates
a portable execution file with an assembly
manifest from one or more files that are
either Microsoft intermediate language
(MSIL) modules or resource files; when
using the tool's signing option, the
assembly becomes a secure container.



(a) accessing a descriptive data structure,
said descriptive data structure
including or addressing



The descriptive data structure is the text
file used as input by the Assembly
Generation tool.



(1) organization information at least
in part describing a required or
desired organization of a content
section of said first secure
container, and



The DDS specifies the link and/or embed
directives to indicate which source files
should be included in the assembly, how
the included resource will be tagged, and if
the resource will be private. Private
resources are not visible to other
assemblies.
These tags are used to organize the
assembly into named sections.
Private attributes are used to organize the
assembly into both public and private
sections (Public sections are the default)



(2) metadata information at least in
part specifying at least one step
required or desired in creation of
said first secure container;



The text file can contain "options" relating
to how the assembly should be built and
additional information that should be
included.

Main - Specifies the method to use as
an entry point when converting a
module to an executable file.
Algid - Specifies an algorithm to hash
all files.
Comp - Specifies string for the
Company field.
Conf - Specifies string for
Configuration field.
Copy - Specifies string for Copyright
field.
Culture - Specifies the culture string to
associate with the assembly.
Delay - Variation of this option
specifies whether the assembly will be
fully or partially signed and whether the
public key is placed in the assembly.
Description - Specifies the description
field.
Evidence - Embeds file in the assembly
with the resource name
Security.Evidence.
Fileversion - Specifies the file version
of the assembly.
Flags - Specifies flags for such things
as the assembly is side-by-side
compatible, assembly cannot execute
with other versions if either they are
executing in the same application
domain, process or computer.
Keyf - Specifies a file that contains a
key or key pair to sign an assembly.
Keyn - Specifies the container that holds
a key pair.
Product - Specifies string for Product
field.
Productv - Specifies string for Product
Version.
Template - Specifies the assembly from
which to inherit all assembly metadata.
Title - Specifies string for Title field.
Trade - Specifies string for Trademark
field.
V - Specifies version information.



(b) using said descriptive data structure to
organize said first secure container
contents



The following directives are used to specify
which files are to be compiled into the
assembly, how they will be tagged, and
whether or not they will be visible to other
assemblies, AKA private:

Embed[name, private] - copies the
content of the file into the assembly and
applies an optional name tag, and
optional private attribute.
Link[name, private] - file becomes part
of the assembly via a link and applies an
optional name tag, and optional private
attribute.



(c) using said metadata information to at
least in part determine specific
information required to be included in
said first secure container contents;
and



The following are some of the "options". 
address what information should be 
included in the secure container: 

. Main — Specifies the method to use as 
an entry point when converting a 
module to an executable file. 
Comp - Specifies . string for the 
Company field. 
Conf - Specifies string for 
Configuration field' 

' Conn- Sp ecifies string for Copyright . 
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(d) generating or identifying at least one 
rule designed to control at least one 
aspect of access to or use of at least* 
portion of said first secure container 
contents. 



71, A method as m claim 58, in which: 



(a) said specific information required to. 
be included includes information at 
least in part identifying at least one 
owner or creator of at least a portion of 
said first secure container contents- 



72. A method as in claim 58, in whfch; 



(a) said Specific information required to 
be included includes a copyright 
notice. 



field. 

Culture - Specifies the culture string to
associate with the assembly.
Description - Specifies the description
field.
Evidence - Embeds file in the assembly
with the resource name
Security.Evidence.
Fileversion - Specifies the file version
of the assembly.
Flags - Specifies flags for such things
as the assembly is side-by-side
compatible, assembly cannot execute
with other versions if either they are
executing in the same application
domain, process or computer.
Keyf - Specifies a file that contains a
key or key pair to sign an assembly.
Keyn - Specifies the container that holds
a key pair.
Product - Specifies string for Product
field.
Productv - Specifies string for Product
Version.
Template - Specifies the assembly from
which to inherit all assembly metadata.
Title - Specifies string for Title field.
Trade - Specifies string for Trademark
field.
V - Specifies version information.



User may specify rules, as specified in the
.NET Framework SDK, to be placed in the
assembly manifest including such rules
requiring that all code be managed (CLR
compliant), "Code Access Security"
permissions be supplied for use of code
supplied in the assembly, etc.



The following "options" specify owner
and creator information:

Comp - Specifies string for the
Company field.
Copy - Specifies string for Copyright
field.
Trade - Specifies string for Trademark
field.

The copy "option" specifies the string for
the Copyright field.



Exhibit E^l 




INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP.
INTERTRUST INFRINGEMENT CHART
FOR U.S. PATENT NO. 5,932,891



A method for using at least one resource 
processed in a secure operating environment at 
a first appliance, said method comprising: 



Products infringing: All products that include 
the Common Language Runtime or Compact 
Common Language Runtime or Common 

Language Infrastructure.



Resource may constitute a Microsoft Windows
process or hardware element; secure operating
environment is Microsoft Common Language
Runtime ("CLR") environment, Common
Language Infrastructure ("CLI") or Compact
CLR ("CCLR"); first appliance is computer
running CLR, CLI or Compact CLR. Two
infringing scenarios are set forth herein: (1)
For CLR, an administrator, using the .NET
framework caspol.exe tool remotely configures
security policy in a .NET configuration file for
a machine, enterprise, user, or application and
that security policy interacts with rules or
evidence declared in a shared assembly
provided by another entity ("1st scenario"); and
(2) for CLR, CLI and CCLR two assemblies
are delivered to an appliance; the first
assembly has a rule that demands permissions
from a caller in the second assembly, and the
second assembly includes a control that asserts
such permissions or provides evidence that
convinces the runtime that it has such
permissions ("2nd scenario"). In each scenario
Microsoft .NET "Code Access Security"
framework or "Role Based Security"
framework is used.



(a) securely receiving a first entity's control at
said first appliance, said first entity being 
located remotely from said operating 
environment and said first appliance; 



(b) securely receiving a second entity's control
at said first appliance, said second entity being
located remotely from said operating
environment and said first appliance, said
second entity being different from said first
entity; and

1st scenario: first entity is the administrator,
and the policy that constitutes this entity's
control is securely received at the first
appliance through a session established
between the administrator's computer and the
first appliance, requiring security credentials
such as the administrator's login and password
or other secure session means.
2nd scenario: first entity is creator or distributor
of the first assembly, assembly manifest
includes a control demanding or refusing or
otherwise asserting a security action on
permissions from a caller; first assembly is
integrity-checked.

Second entity's control is contained in shared
assembly manifest (and therefore integrity
protected) that provides evidence for obtaining
permissions, or asserts permissions; assembly
creator/distributor is located remotely and is
not the administrator (1st scenario) or
creator/distributor of the first container (2nd
scenario).

(c) securely processing a data item at said first
appliance, using at least one resource,
including securely applying at said first
appliance through use of said at least one
resource said first entity's control and said
second entity's control to govern use of said
data item.


Secure processing is carried out by CLR, CLI
or CCLR. Data item constitutes an executable
code element, an interface controlled by such
an executable, a data collection or stream (such
as media file or stream, or text file) or an
environment variable. CLR, CLI or CCLR
securely processes the rules, which will in both
scenarios govern access to methods and data
from the first assembly. The resource named in
the claim is, e.g., a Windows process that is
established by the runtime or hardware element
on the computer.


51. A method as in claim 1 wherein at least
said secure processing step is performed at an
end user electronic appliance.


Consumer computer or appliance running
Microsoft CLR, CLI or CCLR.


58. A method as in claim 1 wherein the step of
securely receiving a first entity's control
comprises securely receiving said first entity's
control from a remote location over a
telecommunications link, and the step of
securely receiving said second entity's control
comprises securely receiving said second
entity's control from the same or different
remote location over the same or different
telecommunications link.


1st scenario: link is LAN or WAN; 2nd
scenario: link is any telecommunications link,
including the internet.


65. A method as in claim 1 wherein the 
processing step includes processing said first 
and second controls within the same secure 
processing environment 


Secure processing environment is CLR, CLI or
CCLR running on user's computer or
appliance.


71. A method as in claim 1 further including
the step of securely combining said first
entity's control and said second entity's control
to provide a combined control arrangement


In scenario % arrangement consists of the stack 
frame, and the corresponding array of
permission grants for assemblies on the stack,
and the permission demanded by the first
assembly. Secure combining performed by the
CLR, CLI or CCLR.


76. A method as in claim 1 wherein said two 
securely receiving steps are independently 
performed at different times. 


Steps are performed at different times in both
scenarios.


84. A method as in claim 1 wherein at least one
of the first entity's control and the second
entity's control comprises at least one
executable component and at least one data
component.


In both scenarios the second entity supplies an
assembly, with a demand procedure executed
by the CLR, CLI or CCLR. The data
component is a specific attribute value
referenced by the assembly.


89. A method as in claim 1 wherein said first
appliance includes a protected processing
environment, and wherein:


Microsoft Common Language Runtime (CLR),
Common Language Infrastructure (CLI), or
Compact Common Language Runtime (CCLR)
environment.


(a) said method further comprises a step of 
receiving, at said first appliance, said data item 


Typically occurs in both scenarios.

separately and at a different time from said
first entity's control; and

(b) said securely processing step is performed
at least in part in said protected processing
environment.

Protected processing environment is the CLR,
CLI or CCLR.

22.



A method of securely controlling use by a third
party of at least one protected operation with
respect to a data item comprising:



(a) supplying at least a first control from a first 
party to said third party; 



Infringing products include Office 2003 and
included applications, and Server 2003,
including Microsoft hosted RMS Service using
Passport.

A user (third party) accesses an IRM-protected
data item governed by IRM controls under two
or more RMS servers. For example, the data
item may be an IRM-protected document.

The IRM controls may be associated with the
data item directly or via an IRM-protected
container holding the IRM-protected data item,
such as an IRM-protected email with the IRM-
protected document attached.



The user acquires a first use license from a first
RMS server (first party) enabling access to the
IRM-protected data item under the IRM rules
associated with the first RMS server. For
example: (1) the first use license from the first
RMS server permits the user to access an IRM-
protected document contained within or
attached to an IRM-protected email; or (2) the
first use license from the first RMS server
applies a first set of IRM rules to an IRM-
protected document.

(b) supplying, to said third party, at least a
second control from a second party different
from said first party;

(c) securely combining at said third party's
location, said first and second controls to form
a control arrangement;

(d) securely requiring use of said control
arrangement in order to perform at least one
protected operation using said data item; and

The user acquires a second use license from a
second RMS server (second party) enabling
access to the IRM-protected data item under
the IRM rules associated with the second RMS
server. For example: (1) in addition to the
user being given access to an IRM-protected
email based on a first use license, a second
RMS server provides a second use license
enabling access to the IRM-protected
document attached thereto; or (2) the second
use license from the second RMS server
applies a second set of IRM rules to the IRM-
protected document.

The first and second use licenses are combined
to form a control arrangement that governs
access to the IRM-protected data item.



The combined first and second use licenses 
govern access to the IRM-protected data item. 



^^^^^^ ^s^^ssssx^^ 

protected operation on behaJ ofsaid tow read, ^ ^ on 



party with respect to said data item by at least
in part employing said control arrangement

item. The combined first and second use
licenses are employed to permit the protected
operation.



II PvVifKit ii 
23. A method as in claim 22 wherein said data
item is protected.



The data item is encrypted and protected by



39. A method as in claim 22 further including
securely and persistently associating at least
one of: (a) said first control, (b) said second
control, and (c) said control arrangement, with
said data item.

The first and/or second use licenses are securely
and persistently associated with the IRM-
protected data item.




53. A method as in claim 22 wherein at least
two of the recited steps are performed at an end
user electronic appliance.

60. A method as in claim 22 wherein step (a)
comprises supplying said first control from at
least one remote location over a
telecommunications link, and step (b)

at diffgp>»t t^^mmunications link 
^- . __i.„.i ;„ ninfm 79. wherein at lea 



Steps performed at a user's computer or 
appliance. 

The first and second use licenses are received
over a telecommunications link such as a
networking or modem/serial interface.

67. A method as in claim 22 wherein at least
step (c) is performed within the same secure
processing environment at said third party's

Steps are performed at user's computer or
appliance.



(a) said method further comprises supplying 
said data item to said third party separately and 
at a different time from supplying of said first 
control to said third party, and 



The first use license (first control) is received
at the time that the user accesses the data item,
which occurs separately and at a different time
from receipt of the IRM-protected data item
itself.

(b) said securely performing step comprises
performing said protected operation at least in
part in a protected processing environment.



The protected operations require decryption of
the protected content, which is done inside the
RM lockbox. The RM lockbox is protected by
mechanisms such as obfuscation, amV
Hipping. tamper resistance.

Products infringing: Visual Studio
.NET Framework SDK, and all products
that include the Common Language
Runtime or Compact Common Language
Runtime or Common Language
Infrastructure.



A secure method for combining data
items into a composite data item
comprising:

(a) securely providing, from a first location
to a second location, a first data item
having at least a first control associated
therewith;

(b) securely providing, from a third
location to said second location, a second
data item having at least a second control
associated therewith;

(c) forming, at said second location, a
composite of said first and second data
items;

(d) securely combining, at said second
location, said first and second controls



A first signed and licensed .NET
component, .NET assembly, managed
control and/or Web control (component) is
the first data item. The first .NET
component developer (first location)
provides the application assembly
developer (second location) the first
component. The first control is the set of
declarative statements comprising the
LicenseProviderAttribute (alternately
referred to as license controls).

A second signed and licensed component is
the second data item. The second
component developer (third location)
provides the application assembly
developer (second location) the second
component. The second control is the set
of declarative statements comprising the
LicenseProviderAttribute.



The application assembly developer will 
include at least the two components into its 
assembly 



(d) securely combining, at said second
location, said first and second controls to
form a control arrangement; and






At the second location, the application
assembly developer uses the .NET runtime
that includes the LicenseManager.

Whenever a component is instantiated
(here, an instance of the first licensed
component), the license manager accesses
the proper validation mechanism for the
component. The license controls (first
control) for the runtime license (derived
from the design-time license) are bound
into the header of the .NET application
assembly, along with the second control for
the second component.

Visual Studio.NET securely handles the
creation of runtime license controls.
Runtime licenses are embedded into (and
bound to) the executing application
assembly. The license control attribute
included in the first component is
customized in the second location to
express, and require the runtime license. In
a more advanced scenario, the License
Compiler tool can be used to create a
"licenses file" containing licenses for
multiple components, including runtime
licenses for components and classes created
by the license provider. This .licenses file
is embedded into the assembly.

The third control set comprises the runtime
license controls for the first and second
components (that had been bound to the
assembly), the declarative controls
provided by the application assembly
developer, and any runtime licenses for
other components included by the
developer in application assembly. The
controls are typically integrated into the
header of the .NET application assembly
calling the first licensed components.

(e) performing at least one operation on
said composite of said first and second data
items based at least in part on said control
arrangement.



The proper execution of the application 
will require that the assembly have run 
time licenses for the two components. 



27. A method as in claim 26 wherein said
combining step includes preserving each of
said first and second controls in said
composite set.

The set of declarative statements
comprising the LicenseProviderAttribute of
both the first and second components are
included in the application assembly.



28. A method as in claim 26 wherein said 
performing step comprises governing the 
operation on said composite of said first 
and second data items in accordance with 
said first control and said second control. 



The application will require the first and 
second controls to operate properly when it 
calls the first and second data items, 
respectively. 



29. A method as in claim 26 wherein said
providing step includes ensuring the
integrity of said association between said
first controls and said first data item is
maintained during at least one of
transmission, storage and processing of
said first data item.



Signing the component that has embedded 
within it the license control ensures the 
integrity of the association of the control 
and data item. 



31. A method as in claim 26 wherein said
providing step comprises codelivering said
first data item and said first control.



The component includes the license control 
and therefore they are codelivered. 



40. A method as in claim 26 further
including the step of securely ensuring that
at least one of (a) said first control, (b) said
second control, and (c) said control
arrangement is persistently associated with
at least one of said first and second data
items.

Each component includes the license
control. Signing the component that has
embedded within it the license control
ensures the persistence of the association of
the control and data item.

54. A method as in claim 26 wherein at
least one of steps (c), (d) and (e) are
performed at an end user electronic
appliance.



At least step (e) is typically performed at an
end-user electronic appliance.



61. A method as in claim 26 wherein step
(a) comprises providing said first data item
from at least one remote location over a
telecommunications link, and step (b)
comprises providing said second data item
from the same or different remote location
over the same or different
telecommunications link.

68. A method as in claim 26 wherein step
(d) is performed within the same secure
processing environment at said second
location.



Microsoft maintains Web sites where a
developer can get components over the
Web. These sites include references
whereby a developer may obtain
components through their Web connection.
One such site is Internet Explorer Web
Control Gallery at
;» cnm pdnentp ™ir,™nn.com/webcontrols_ 



Typically, step (d) will be performed
within the same secure processing
environment.



79. A method as in claim 26 wherein steps 
(a) and (b) are performed at different times. 



The application assembly developer will
typically acquire components at different
times.

86. A method as in claim 26 wherein at
least one of the first and second controls
comprises at least one executable
component and at least one data
component.



The component must include an executable
and can include a data item such as a EULA,
readme file or help file.

35.

A method for using at least one resource
processed by a secure operating
environment, said method comprising:
securely receiving a first load module
provided by a first entity external to said
operating environment



Infringing products include: Windows
Media Player, Individualized DRM Clients
and the Secure Audio Path (SAP)
technology.



securely receiving a second load module
provided by a second entity external to said
operating environment, said second entity
being different from said first entity; and

securely processing, using at least one
resource, a data item associated with said
first and second load modules, including
securely applying said first and second load
modules to manage use of said data item.



56. A method as in claim 35 wherein at
least two of the recited steps are performed
at an end user electronic appliance.

>3. A method as in claim 35 wherein said
first load module receiving step comprises
securely receiving said first load module
from at least one remote location over at
least one telecommunications link, and said
second load module receiving step
comprises securely receiving said second
load module from the same or different
remote location over the same or different
telecommunications link.



The Individualized DRM Client (first load
module) is a signed security upgrade DLL.
It is also bound to the hardware ID of the
machine on which it runs. It is therefore
securely delivered and integrity protected.
A SAP certified driver is also signed and
carries with it a certificate that indicates its
compliance with SAP criteria. If it is
delivered to a PC it is secure in the sense
that it is integrity protected. This driver
would not come from the same entity as the
Individual *^ m PLL- 



If a WM audio file targeted to the
Individualized DRM client carries with it a
requirement that SAP be supported to
render the WMF contents, the content is
processed for playing through a soundcard
using the WMP and by applying the DRM
client - which decrypts the content and
negotiates with the DRM kernel processing
of the content through a Secure Audio Path
that includes the SAP-certified audio
driver.

All steps occur at the user's PC that
supports the WMP and DRM client and
SAP.

The Driver and DRM client are received
from distinct locations and may be
delivered securely over the Internet. They
are delivered securely in that each is
integrity protected.



70. A method as in claim 35 wherein said
securely processing step comprises
securely executing said first and second
load modules within the same secure
processing environment.

Both load modules are executed on the PC
within the WMP/DRM Client/SAP
environment.

r 4. A method as in claim 35 further
including securely combining first and
second load modules to provide a
combined executable.

\1. A method as in claim 35 wherein said
securely receiving steps are performed
independently at different times.

>4. A method as in claim 35 wherein said
secure operating environment includes a
protected processing environment, and
wherein:

said method further comprises receiving a
data item within said secure operating
environment;

said first load module receiving step is
performed separately and at a time different
from receiving said data item; and

said securely processing step is performed
at least in part in said protected processing
environment.

Since both the DRM client and the driver
are DLLs in the same audio rendering
chain, they exist as an execution
environment.



The driver and Individualization DLL need 
not be received at the same time. 



The Windows Media Player together with
the Individualized DRM Client and Secure
Audio Path comprise a protected
environment for processing protected
media. The protected Windows Media
Files are received after the load modules
have been received and installed (licenses
cannot be acquired until load modules are
in place). The processing of the Windows
Media File occurs in the protected
environment.



Examples of SAP-certified drivers include - as indicated at

- All VIA controllers with AC-97 codecs

- All ALI controllers with AC-97 codec

- Intel ICH controllers with AC-97 codecs

- Creative Labs SoundBlaster! «AWE32/AWE64/Vibra 

- Yamaha OPL3

- Yamaha DS-1

- Cirrus Logic (Crystal) CS4280

- Cirrus Logic (Crystal) CS4614 / CS4624

- ESS Maestro 2E

- USB Audio

- Cirrus Logic (Crystal) CS4281

- All SiS controllers with AC-97 codecs

- Ensoniq ES1370

- NeoMagic NM6

. EnsoniqES137l/7^^CT5&80 

- SoundBlaster Live!

- Aureal 8810

- Aureal 8820

- Aureal 8830

- Conexant Riptide

- ESS Maestro

- ESS ISA parts

- NeoMagic NM5

36.

A secure operating environment system for
managing at least one resource comprising:

(a) a communications arrangement



(1) that securely receives a first control 
of a first entity external to said 
operating environment, and 



(2) securely receives a second control 
of a second entity external to said 
operating environment, said second 
entity being different from said first 
entity; and 



(b) a protected processing environment,
operatively connected to said
communications arrangement, that:

Product Infringing: Any product using
Common Language Runtime (CLR), Common
Language Infrastructure (CLI), or Compact
Common Language Runtime (CCLR).

Microsoft CLR, CLI or CCLR (operating
environment system), managing any of the
resources on a typical computer, including
memory, file system, communications ports,
storage devices, and higher level resources that
use any of these or combinations of them.



mavi 



Communications port and Microsoft Internet
Protocol stack that may optionally use Secure
Socket Layer protocol or IPSEC packet
security protocol, supplied with Microsoft
Windows.

Rule or evidence contained in the manifest of a
shared assembly, distributed by a first entity
that can be used by the CLR, CLI or CCLR to
determine permissions that may be needed to
cause operations on a data item or resource
controlled by another entity; shared assembly
is tamper-protected and may be received using
secure SSL or IPSEC protocol.



Rule specified in the manifest of a second
shared (tamper protected) assembly, that
demands permissions of callers of its methods.



(1) securely processes, using at least
one resource, a data item logically
associated with said first and second
controls, and

CLR, CLI or CCLR, connected to (e.g.)
communications port

(2) securely applies said first and
second controls to manage said
resource for controlling use of said data
item.

CLR, CLI or CCLR uses type safety
mechanisms, access controls, integrity
detection, and separation of domains. Data
item may be any data item that is managed by
the second assembly, which may be a member
of such assembly, and whose state or value
may be accessible through an interface to other
assemblies, and which is referenced by the first
assembly.



57. A system as in claim 36 wherein said
protected processing environment is part of an
end user electronic appliance.

CLR, CLI or CCLR processes the demand for
permissions from the second assembly, collects
the evidence or processes the rule from the first
assembly, and determines whether the first
assembly has the permissions to use the
resource to operate on the data item controlled
by the second assembly.

Computer or electronic appliance running
CLR, CLI or CCLR



64. A system as in claim 36 wherein said
communications arrangement receives said
first and second controls from at least one
remote location over at least one
telecommunications link.

Shared assemblies are designed to be received
remotely, e.g., over the internet

75. A system as in claim 36 wherein said
protected processing environment combines
said first and second controls to provide a
combined control arrangement

Arrangement consists of the stack frame
and the corresponding array of permission
grants for assemblies on the stack, and the
permission demanded by the second assembly.

82. A system as in claim 36 wherein said
communications arrangement independently
receives said first and second controls at

Assemblies, including controls, are designed
for independent delivery.

8. A system as in claim 36 wherein at least
one of the first control and second controls
comprises at least one executable component
and at least one data component

The second entity supplies an assembly with a
demand procedure (executed by the CLR, CLI
or CCLR) that includes reference to a specific
attribute value (the data component), and the
protected processing environment executes the
executable component (demand) in a manner
that is at least in part responsive to the data
component (execution is in response to the
security action supplied in the data item).






INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP.
FOR U.S. PATENT NO. 5^82,891



s. 



A secure operating environment system
for managing at least one resource
comprising:

a communications arrangement that
securely receives

a first control

of a first entity external to said operating
environment,

and securely receives a second control



Infringing Product: My Services

Secure operating environment is the secure
server for any .NET My Services service

Secure server receives communications
formatted using the SOAP-SEC, the
security extension to SOAP that is used by
My Service servers to receive controls.



The first control is a roleTemplate
associated with the service. The
roleTemplate identifies specific actions
(e.g. read, replace) that can be performed
against a certain scope (resource or set of
resources).

of a second entity external to said
operating environment, said second entity
being different from said first entity;

and a protected processing environment,
operatively connected to said
communications arrangement, that:



The first entity is the administrator of the 
server database, or other entity with 
authority over its content that sets up the 
roleTemplates and scopes. That entity is 
independent from and located remotely 
from the secure server. 



A role element specified by a specific end
user, which is securely received by the
secure server using the SOAP-SEC
protocol.



The end user is located remotely from the 
secure server. 



(a) securely processes, using at least one 
resource, a data item logically associated 
with said first and second controls, and 



The protected processing environment is 
the .NET security sendee {authorization 
system) operating within the server. The 
server uses the SOAP-SEC 
communication protocol to receive 
.controls. 



'Securely processes" is performing the 
requested operation on secure server 
running .NET. The system wrill perform the 
requested operation' ensuring that the user 
hs& no access to infom vatiop outside the ... 
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j 


scope computed. 

The resource is the server software and/or
hardware used to process the two controls
and user data.

The first control is the roleTemplate for the
service. The second control is the role
element for an individual user.

The data item is the end user's stored
content (e.g. calendar, email inbox, etc.).


(b) securely applies said first and second
controls to manage said resource for
controlling use of said data item.


The secure server determines the result
scope (visible node set) for the operation
that is computed from the role element and
the roleTemplate. That result scope is used
to manage the data item.


64. A system as in claim 36 wherein said
communications arrangement receives said
first and second controls from at least one
remote location over at least one
telecommunications link.


The remote location is the site where the 
user's or administrator's application is 
running. 

The telecommunication link can be the 
Internet, intranet, VPN or other similar 
channels. 


75. A system as in claim 36 wherein said
protected processing environment 
combines said first and second controls to 
provide a combined control arrangement. 


The role scope incorporating the role
element and the roleTemplate.


82. A system as in claim 36 wherein said 
communications arrangement 
independently receives said first and 
second controls at different times. 


Administrator and user controls will 
ordinarily be received at different times. 


95. A secure operating environment system
as in claim 36 wherein said
communications arrangement also receives
a data item separately and at a different
time from at least one of said first control
and said second control.


This is the normal case for .NET My
Services. The user's content is normally
stored and updated independently of the
setting of scope elements, role elements and
roleTemplates.

INTERTRUST INFRINGEMENT CHART

FOR U.S. PATENT NO. 6,157,721




1. A security method comprising: 



Product Infringing: Windows CE for Automotive



(a) digitally signing a first load module with a
first digital signature designating the first load
module for use by a first device class;



WCEfA is Microsoft Windows CE for Automotive,
sometimes also known by its former name, AutoPC 2.0.

With WCEfA an OEM can assign their device to a class
that only accepts certain kinds of software. The device
can be set to accept 1) any software with the correct
processor/version 2) only certified software or 3) only
software from the OEM or Microsoft. These Security (or
Trust) levels also control to which kernel APIs and
middleware APIs the software has access.

Background:

"Microsoft Software Install Manager (SIM), a
component of WCEfA, allows you to control what can
be installed on your device platform. You can define
your platform as being open, closed or restricted to new
installations, and SIM will enforce these designations."

(D, pg. 1)

"Anything can be installed on an open platform, as long
as the applications are compiled for the appropriate
processor. At the other extreme, no third-party software
can be installed on a closed platform. Only certified
applications can be installed on a restricted platform."
(D, pg. 1)

"By restricting installations to compliant applications,
the risk of installing and using incompatible or harmful
software is greatly reduced, while still keeping the
device open for robust, quality applications that enhance
the user experience." (D, pg. 1)

WCEfA also has a Security Layer whose purpose is to
"Create an abstraction layer of security surrounding ISV
applications to limit and/or deny access to key Windows
CE kernel API calls and WCEfA middleware APIs." (I,
pg. 1)



A first load module is a WCEfA software component in
a signed PE file. The first device class is a device that
only allows software designated as "restricted" (or
higher) to be installed. "Restricted" software is software
that has been certified. With restricted software, the
device also implements a Security Layer functionality
that limits the kernel and WCEfA API calls that the
software can make.

"SIM Level: 1 - Restricted
Description: Only properly certified CEI (WCEfA
device installation) files can be installed on the device.
Remote execution is restricted to executables with
master key.
Key: Logo certified CEI file required. CEI files or EXEs
with master keys permitted." (F, pg. 1)

- nhekeraenoadercalUhe?chtnneamo^^ 

by Windows CE. It returns one of the following values
that determine the module's access to kernel resources:

Value: Meaning

OEM_CERTIFY_TRUST (2): The module is trusted by the OEM to perform any
operation.

OEM_CERTIFY_RUN (1): The module is trusted by the OEM to run but is
restricted from making certain function calls.

OEM_CERTIFY_FALSE (0): The module is not allowed to run.

" (H, pg. 1)

Digitally signing. "Before the kernel loads a file, it uses
the OEMCertifyModule function to verify that the file
contains the proper signature." (N, pg. 1)

"Signfile.exe: This tool signs an executable with a
supplied private key. You can use the following
command parameters with this tool... -s AttribString,
specifies an optional attribute string to be included in the
signature. For example, you could add a string to
indicate the trust level of the application." (O, pg. 1)

In the MSDN article Verifying the Signature, the sample
code segment states

"// the file has a valid signature

// we expect the trust level to be returned as signed
data ...

// case 'R': dwTrustLevel = OEM_CERTIFY_RUN" (N,
pg. 2)

"The WCEfA Security Layer isolates installed
applications from making unrestricted kernel and
WCEfA API calls. This allows the OEM to assign one of
three levels of security to applications and drivers
installed in RAM when they are loaded into the system.
The three levels are Trusted..., Restricted..., and
Blocked... On the systems level, the WCEfA Security






(b) digitally signing a second load module with
a second digital signature different from the
first digital signature, the second digital
signature designating the second load module
for use by a second device class having at least
one of tamper resistance and security level
different from the at least one of tamper
resistance and security level of the first device
class;



layer fits between ISV applications and isolates these
software modules from having free access to all WinCE
kernel calls and WCEfA middleware APIs." (I, pg. 1)

The developer submits their application for certification.
If it passes, then the .cei file (a form of cab file) receives
a certification key from the certifier. The signed PE is
within this .cei file.



(c) distributing the first load module for use by 
at least one device in the first device class; and 



A second load module is a WCEfA software component
in a signed PE file. The second device class with a
different tamper resistance or security level is a device
that is "Closed", that is, it will not allow third party
software to be installed. A closed device only allows
trusted software to run. The Security Layer setting of
"Trusted" allows the Microsoft and OEM software full
access to kernel and middleware APIs.

In the MSDN article Verifying the Signature, the sample
code segment states

"// the file has a valid signature

// we expect the trust level to be returned as signed
data

// case 'T': dwTrustLevel = OEM_CERTIFY_TRUST"

"Signfile.exe: This tool signs an executable with a
supplied private key. You can use the following
command parameters with this tool... -s AttribString,
specifies an optional attribute string to be included in the
signature. For example, you could add a string to
indicate the trust level of the application." (O, pg. 1)

"SIM Level: 2 - Closed

Description: Platform is limited to software supplied
directly by OEM or Microsoft. Third-party applications
cannot be installed.

Key: Master key required for any install or remote
execution." (F, pg. 1)

Related to the Security Layer, the Trusted level "is most
likely reserved for MS and OEM applications and
drivers." (I, pg. 1)

Whereas the .cei files for certified software have a
certification key (sometimes called MS Logo key), the .cei
files from Microsoft or the OEM have a master key
attached. "Master key required for any install or remote
execution." (F, pg. 1)



First load module is the certified software from a third
party that will be run as part of the "Restricted" first
device class.

"Once your application is complete, send the .cei file to
the organization that is performing validation or
certification for the OEM. They would validate it, then
either reject or return a .cei that has been stamped with a
certification key. You would then reproduce this .cei file
on CD-ROM or a compact flash card and distribute." (D,
pg. 5)

"APCLoad compares the device SIM level against the
.cei file certification key, and either allows the
installation to proceed or prohibits it based on the
outcome of this comparison." (D, pg. 2)

"Security: To achieve a high level of reliability,
WCEfA is carefully designed to:

- Control the installation of certified and tested
software and drivers.
- Limit the access of system services by installed
module.
- Monitor the proper execution of software."
(G, pg. 1)



(d) distributing the second load module for use
by at least one device in the second device



The second load module is the certified software from
the OEM or Microsoft that will be run as part of the
"Closed" second device class.

"You may need to change ROM components after your
device ships, either to fix a problem, or to provide
enhanced functionality. For this purpose, the OEM is
given a CEIBuild that adds a master key to a .cei file.
CEI files stamped with this master key can be installed
on an open, closed or a restricted platform." (D, pg. 3)

"Trusted: The application is registered as a completely
trusted module and allowed full access to the kernel
APIs and WCEfA APIs. This mode is mostly likely
reserved for MS and OEM applications and drivers.
Note that applications and drivers included in ROM are
automatically given trusted status." (I, pg. 1)



r<3] htofonsdn^icroson^om^ 
mhSLdnjnicxosofc^ 



A software verifying method comprising:



(a) testing a load module



Product infringing: Windows Hardware
Quality Lab certification service, and
operating system products that support
driver signature technology.



Microsoft encourages manufacturers to
have their device drivers tested and signed.
For example, only signed drivers will ship
"in-the-box." Also, Microsoft's driver
ranking prefers signed drivers to unsigned
drivers.

having at least one specification associated

Microsoft Web page - Can't Find a Test
Category for Your Driver?



WHQL's long-term objective is to be able
to digitally sign all drivers. Although we do
not currently have test programs for certain
driver types, such as specialized device
drivers and software filter drivers, WHQL
is investigating a long term solution to
expand the categories of drivers tested
under Windows 2000 and ultimately all
Windows operating systems. We are
already formulating a test program for anti-
virus file system filters, and plan to address
other file system filter drivers as soon as
the initial program is in place.



The driver will be tested for each version of
the operating system it supports and against
the device class specifications that apply to
the device's class.

The driver package is a load module. A
driver package contains one or more of the
following files:

A device setup information file (INF file)

A driver catalog (.cat) file

One or more optional co-installers

Microsoft operates the Windows Hardware
Quality Lab, which tests drivers submitted
by driver manufacturers.

The manufacturer can test their own driver 
using the Microsoft testing kit and submit 
the test results to WHQL when requesting a 
signature. Additionally, Microsoft or a 
testing facility working with Microsoft can 
perform the testing. 



therewith,

the specification describing one or more
functions performed by the load module;

The manufacturer-written INF file, which
is part of the driver package, is a
specification. Microsoft Windows drivers
must have an INF file in order to be
installed.



(b) verifying that the load module satisfies
the specification; and



The INF Version section specifies its
device class. One use of the device class is
to identify the specific Windows
compatibility specification that relates to the
device class. These specifications will vary
by device class in part because the function
of each device can vary among class. The
INF incorporates by reference the
Microsoft supplied device class-specific
specification by identifying its class in the
INF.

The INF can include operating system
"decorating" to specify the operating
system architecture, major and minor
version, product and suite the driver is
intended for and can further use this
decorating to specify what operating
systems for which it is not intended.
Because the functionality of each of the
operating systems may vary the driver must
be tested for each applicable operating
system.

Qualification Service Policy Guide -
Hardware Category Policies



You must select the correct hardware
category for your device. If you select the
wrong hardware category for your device,
your submission will fail. For example, if
you have a storage/hard drive device, but
you select storage/tape drive as your
hardware category, your submission will
fail.

Windows XP HCT 10.0 Q & A - Windows
XP Logos

Q: Which "Designed for Windows XP"
logos are available for my product?
A: Devices and systems qualify for a
"Designed for Windows" logo after passing
testing with the appropriate WHQL test kit
on all operating systems specified by the
logo. "Designed for Windows" Logos for Device
and System Programs lists which logos are
available for each type of product.



The Microsoft Windows XP Hardware
Compatibility Test (HCT) kit version 10.0
includes the tests, test documentation, and
submission processes that are required to
participate in the Microsoft Windows Logo
Program for Hardware for the Windows
XP Professional operating system. To
qualify to use the "Designed for Windows"
logo for hardware, products must pass
testing with the Microsoft Windows HCT
kit. The HCT kits are organized by
hardware type.

As mentioned above, the manufacturer can
test their own driver using the Microsoft
testing kit and submit the test results to
WHQL when requesting a signature.
Additionally, Microsoft or a testing facility
working with Microsoft can perform the
testing.



(c) issuing at least one digital certificate 
attesting to the results of the verifying step. 



When a driver package passes WHQL
testing, WHQL generates a separate CAT
file containing a hash of the driver binaries
and other relevant information. WHQL
then digitally signs the CAT file using
Digital Signature cryptographic technology
and sends it to the vendor. Driver signing
does not change the driver binaries or the
INF file submitted for testing.

Microsoft uses digital signatures for device
drivers to let users know that drivers are
compatible with Microsoft Windows XP,
Windows 2000, and Windows Me. A
driver's digital signature indicates that the
driver was tested with Windows for
compatibility and has not been altered since
testing.



14. 



Infringing products include Office 2003 and 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using 
Passport 



A first protected processing environment 
comprising: 



A personal computer running Windows XP,
Windows 2000, or Windows 2003



a first tamper resistant barrier having a first
security level, and



at least one arrangement within the first
tamper resistant barrier that prevents the first
protected processing environment from
executing the same load module accessed by a
second protected processing environment
having a second tamper resistant barrier with a
second security level different from the first
security level.



The tamper resistant barrier is the Office 2003
IRM client environment and includes the
signed digital certificate identifying the user.

If the certificate is tampered with, or if certain,
sensitive IRM processes or modules are
debugged or tampered with, the system will
cease to operate.

The first security level is the "Security Level"
which has been selected for a particular Office
Application, e.g., Word.

The arrangement that prevents a load module
from running in one PPE and not in another is
the type and characteristics of a particular Load
Module (VBA program within a document or
add-in); i.e., signed, script author, code
capabilities, etc., and the "Security Level"
settings.







18. 



A method for protecting a first computing
arrangement surrounded by a first tamper
resistant barrier having a first security level,
the method including:



Infringing products include Office 2003 and
included applications, and Server 2003,
including Microsoft hosted RMS Service using
Passport



The first computing arrangement with a tamper
resistant barrier is the Office 2003 IRM client
environment and includes the signed digital
certificate identifying the user.

If the certificate is tampered with, or if certain,
sensitive IRM processes or modules are
debugged or tampered with, the system will
cease to operate.

The computing arrangement is being protected
from, for example, viruses and malicious code.

The first security level is the "Security Level"
which has been selected for a particular Office
Application, e.g., Word.



preventing the first computing arrangement
from using the same software module
accessible by a second computing arrangement
having a second tamper resistant barrier with a
second security level different from the first
security level.



The arrangement that prevents a load module
from running in one computing arrangement
and not in another is the type and
characteristics of a particular software module
(VBA program within a document or add-in);
i.e., signed, script author, code capabilities,
etc., and the "Security Level" settings.

A protected processing environment
comprising:



a first tamper resistant barrier having a first 
security level, 



a first secure execution space, and



at least one arrangement within the first
tamper resistant barrier that prevents the first
secure execution space from executing the
same executable accessed by a second secure
execution space having a second tamper
resistant barrier with a second security level
different from the first security level.



included applications, and Server 2003,
including Microsoft hosted RMS Service using
Passport



A personal computer running Windows XP,
Windows 2000, or Windows 2003



The first tamper resistant barrier is the Office
2003 IRM client environment and includes the
signed digital certificate identifying the user. If
the certificate is tampered with, or if certain,
sensitive IRM processes or modules are
debugged or tampered with, the system will
cease to operate.

The first security level is the "Security Level"
which has been selected for a particular Office
Application, e.g., Word.



The secure execution space is process space
allocated by the operating system for the
Microsoft Office host application to run. This
host application (e.g., Word) executes the VBA
code within this process space.

This execution space (application) is secure
because the IRM environment takes steps to
insure that it is "trusted", the application is
signed, and the document which includes the
VBA code is protected by IRM policy and then
encrypted and signed.



The arrangement that prevents a load module
from running in one computing arrangement
and not in another is the type and
characteristics of a particular software module
(VBA program within a document or add-in);
i.e., signed, script author, code capabilities,
etc., and the "Security Level" settings.

A protected processing environment
comprising:



a first tamper resistant barrier having a 
first security level, 



a first secure execution space, and 



Product Infringing: Microsoft Common Language
Runtime and ASP.NET



Microsoft Common Language Runtime and 
ASP.NET 



TAMPER RESISTANT BARRIER
The first tamper resistant barrier is the application
domain in the CLR. The runtime hashes the
contents of each file loaded into the application
domain and compares it with the hash value in the
manifest. If two hashes don't match, the assembly
fails to load. [1]

Also "Code running in one application cannot
directly access code or resources from another
application. The common language runtime
enforces this isolation by preventing direct calls
between objects in different application domains.
Objects that pass between domains are either
copied or accessed by proxy." [2]

SECURITY LEVELS

The security levels of the application domain are
made different by setting the trust level assigned to an
outside application using the "trust" element in the
web.config for the ASP.NET application.
Syntax:

<trust level="Full/High/Low/None"
originUrl="url"/>

Example:

originUrl="http://www.SomeOtherCompany.com/default.aspx"/>

[7] 



at least one arrangement within the first
tamper resistant barrier that prevents the
first secure execution space from
executing the same executable accessed
by a second secure execution space
having a second tamper resistant barrier
with a second security level different from
the first security level.



The application domain is the execution space for a
particular application.



The second secure execution space is another
application domain that has a different trust level for
an outside application.

If second app domain gives Full trust to the outside
application, whereas the first one doesn't, the first
app domain won't be able to execute the application
that requires full trust permission.



References:

[1] www.microsoft.com/germany/ms/msdnbiblio/dotnetrk/doc/assembly.doc

[2] msdn.microsoft.com/library/en-us/cpguide/html/cpconapplicationdomainsoverview.asp?frame=true

[7] LaMacchia, etc., .NET Framework Security,
Addison-Wesley, 2002

A protected processing environment
comprising:



a first tamper resistant barrier having a first 
security level, 



Product Infringing: Products containing
Microsoft Common Language Runtime or
Compact Common Language Runtime, and
products implementing the Common Language
Infrastructure specification.



Microsoft Common Language Runtime and
.NET Framework SDK



TAMPER RESISTANT BARRIER
The first tamper resistant barrier is the
application domain in the CLR. The runtime
hashes the contents of each file loaded into the
application domain and compares it with the
hash value in the manifest. If two hashes don't
match, the assembly fails to load. [1]

Also "Code running in one application cannot
directly access code or resources from another
application. The common language runtime
enforces this isolation by preventing direct
calls between objects in different application
domains. Objects that pass between domains
are either copied or accessed by proxy." [2]

SECURITY LEVELS

Application domains have different security
levels by setting security policy of the
application domain programmatically. [3]
"It has different security based on code-based
security model of .NET. Administrators and
hosts use code-access security to decide what
code can do, based on characteristics of the
code itself regardless of what user is executing
the code. The code characteristics are called
evidence and can include the Web site or zone
from which the code was downloaded, or the
digital signature of the vendor who published
the code."

"When the security manager needs to
determine the set of permissions that an
assembly is granted by security policy, it starts
with the enterprise policy level. Supplying the
assembly evidence to this policy level will
result in the set of permissions granted from
that policy level. The security manager
typically continues to collect the permission
sets of the policy levels below the enterprise
policy (including the app domain) in the same
fashion. These permission sets are then
intersected to generate the policy system
permission set for the assembly. All levels must
allow a specific permission before it can make
it into the granted permission set for the
assembly"



a first secure execution space, and



at least one arrangement within the first tamper
resistant barrier that prevents the first secure
execution space from executing the same
executable accessed by a second secure
execution space having a second tamper
resistant barrier with a second security level
different from the first security level.

Example of granted permission sets from a
policy:

Condition: All code, Permission Set: Nothing
Condition: Zone: Internet, Permission Set: Internet
Condition: URL: www.monash.edu.au, Permission Set: MonashPSet
Condition: Strong Name: m-Commerce, Permission Set: m-CommercePSet [4]

Another difference in security levels can be
whether the verification process is turned off or
on. "Managed code must be passed through a
verification process before it can be run
(unless the administrator has granted
permission to skip the verification). The
verification process determines whether the
code can attempt to access invalid memory
addresses or perform some other action that
could cause the process in which it is running
to fail to operate properly. Code that passes
the verification test is said to be type-safe. The
ability to verify code as type-safe enables the
common language runtime to provide as great
a level of isolation as the process boundary, at
a much lower performance cost" [5]



The application domain is the execution space
for a particular application.

The second secure execution space is another
application domain that has a different security
policy than the first.

If second app domain's security policy doesn't
give any permission to code from internet
zone, but first app domain does, then the code
would run in first app domain and not in
second. [6]



References:

[1] www.microsoft.com/germany/ms/msdnbiblio/dotnetrk/doc/assembly.doc

[2] msdn.microsoft.com/library/en-us/cpguide/html/cpconapplicationdomainsoverview.asp?frame=true

[3] LaMacchia, etc., .NET Framework
Security, Addison-Wesley, 2002, p. 113

[4] Watkins, Demien, "An Overview of
Security in the .NET Framework", from
MSDN Library, January 2002

[5] same as [2]

[6] msdn.microsoft.com/library/en-us/cpguide/html/cpconapplicationdomainlevelsecuritypolicy.asp?frame=true

38.



Infringing products include Office 2003 and 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using 
Passport 



A method for protecting a first computing 
arrangement surrounded by a first tamper 
resistant barrier having a first security level, 
the method including: 



preventing the first computing arrangement
from using the same software module accessed
by a second computing arrangement having a
second tamper resistant barrier with a second
security level different from the first security
level.



The first computing arrangement surrounded by
a tamper resistant barrier is the Office 2003
IRM client environment and includes the
signed digital certificate identifying the user. If
the certificate is tampered with, or if certain,
sensitive IRM processes or modules are
debugged or tampered with, the system will
cease to operate.

The first security level is the "Security Level"
which has been selected for a particular Office
Application, e.g., Word.






The computing arrangement that prevents a
software module from running in one
computing arrangement and not in another is
the type and characteristics of the particular
software module (VBA program within a
document or add-in); i.e., signed, script author,
code capabilities, etc.; and the "Security Level"
settings.

Product Infringing: Windows Media Rights
Manager and Windows Media Player



(a) a first apparatus including,



Consumer's computer, as shown in WMRM
SDK.



(1) user controls, 



(2) a communications port. 



Consumer's computer, as shown in WMRM 
SDK. 



Consumer's computer, as shown in WMRM
SDK.



(3) a processor, 



(4) a memory storing: 



Consumer's computer, as shown in WMRM
SDK.



(i) a first secure container containing
a governed item, the first secure
container governed item being at
least in part encrypted; the first
secure container having been
received from a second apparatus;



Consumer's computer, as shown in WMRM 



Secure container (packaged Windows Media
file), received by consumer's computer from
"Content provider" (WMRM SDK, Step 3),
which contains encrypted governed item
("Encrypted content")



(ii) a first secure container rule at least
in part governing an aspect of
access to or use of said first secure
container governed item, the first
secure container rule [sic], the first
secure container rule having been
received from a third apparatus
different from said second
apparatus; and



Rights portion of signed license, received by 
consumer's computer from "License issuer" 
(WMRM SDK, Step 9) 



(5) hardware or software used for 
receiving and opening secure 
containers, said secure containers each 
including the capacity to contain a 
governed item, a secure container rule 
being associated with each of said 



Windows Media Player and Windows Media 
Rights Manager 



secure containers;



(6) a protected processing environment at
least in part protecting information
contained in said protected processing
environment from tampering by a user
of said first apparatus, said protected
processing environment including
hardware or software used for
applying said first secure container
rule and a second secure container rule
in combination to at least in part
govern at least one aspect of access to
or use of a governed item contained in
a secure container: and



1st and 2nd rules consist of any two valid rules
as specified in the Windows Media Rights
Manager SDK; protected processing
environment includes Windows Media Rights
Manager and Windows processes for
protecting operation of Windows Media Rights
Manager. Licenses can be used to convey
multiple rules.



(7) hardware or software used for
transmission of secure containers to
other apparatuses or for the receipt of
secure containers from other
apparatuses.



Any hardware or software employed in
transmitting Windows Media files, including
for example consumer's computer's
communication port and Windows Media
Player (WMRM SDK, Step 3)

Infringing products include Office 2003 and
included applications, and Server 2003,
including Microsoft hosted RMS Service using 
Passport 



A system including:



a first apparatus including,
user controls,
a communications port,
a processor,
a memory storing:



A device with user controls, a communications
port, a processor and memory. For example,
the user controls may be a keyboard and
mouse, the communications port may be a NIC
card with an Ethernet port, the processor may
be a CPU, and the memory may be a hard-drive
or RAM.



a first secure container containing a governed
item, the first secure container governed item
being at least in part encrypted; the first secure
container having been received from a second
apparatus;



An encrypted IRM-governed email received 
from a remote computer. The encrypted IRM- 
governed email contains an encrypted IRM-
governed email message. 



a first secure container rule at least in part
governing an aspect of access to or use of said
first secure container governed item, the first
secure container rule, the first secure container
rule having been received from a third
apparatus different from said second
apparatus; and



The first secure container rule is received from 
the RMS server in the form of a use license. 

This use license contains rules generated by the 
RMS server specifically for the user (or user's 
group) 



hardware or software used for receiving and
opening secure containers,

said secure containers each including the
capacity to contain a governed item, a secure
container rule being associated with each of
said secure containers:



The RM-enabled device contains hardware or 
software for receiving and opening secure 
emails. 

The secure email has the capacity to contain an 
IRM-governed email message, with a rule
being associated with each email. 

The rules associated with the secure emails are 
rules that come as part of the original email as 
well as rules that come back from the RMS



a protected processing environment at least in
part protecting information contained in said
protected processing environment from
tampering by a user of said first apparatus,

said protected processing environment
including hardware or software used for
applying said first secure container rule and a
second secure container rule in combination to
at least in part govern at least one aspect of



Protected information on the RM-enabled 
device is protected by the use of at least 
cryptographic techniques. 



The rule governing the email works together 
with an additional rule to determine what
access to or use (if any) are allowed with
respect to the IRM-governed email message.
For example, the additional rule may be

access to or use of a governed item contained
in a secure container; and

hardware or software used for transmission of
secure containers to other apparatuses or for
the receipt of secure containers from other
apparatuses.




received together with the rule in the use 
license.

The device includes hardware or software used 
for transmitting or receiving secure emails. For 
example, RM-enabled OUTLOOK is designed
to transmit and receive encrypted IRM-
governed emails to/from other devices.

A system including:



a first apparatus including,
user controls,
a communications port,

a processor,

a memory storing:

a first secure container containing a governed
item, the first secure container governed item
being at least in part encrypted; the first secure
container having been received from a second
apparatus;



a first secure container rule at least in part
governing an aspect of access to or use of said
first secure container governed item, the first
secure container rule, the first secure container
rule having been received from a third
apparatus different from said second
apparatus: and



hardware or software used for receiving and
opening secure containers,

said secure containers each including the
capacity to contain a governed item, a secure
container rule being associated with each of
said secure containers;



a protected processing environment at least in 
part protecting information contained in said
protected processing environment from 
tampering by a user of said first apparatus, 



Infringing products include Office 2003 and
included applications, and Server 2003,
including Microsoft hosted RMS Service using
Passport



A device with user controls, a communications
port, a processor, and memory. For example,
the user controls may be a keyboard and
mouse, the communications port may be a NIC
card with an Ethernet port, the processor may
be a CPU, and the memory may be a hard-drive
or RAM.



The first secure container is an encrypted IRM- 
protected document. 

This encrypted IRM-governed document is, for 
example, received from a remote computer, as
an attachment to an IRM-governed email or 
downloaded from a document server or web 
site. 



The first secure container rule is received from 
the RMS server in the form of a use license.

This use license contains rules generated by the 
RMS server specifically for the user (or user's 
group). 



The RM-enabled device contains hardware or 
software for receiving and opening secure 
documents. 

The secure documents have the capacity to
contain IRM-governed content, with a rule
being associated with each secure document.

The rules associated with said secure
documents are the rules that come as part of the
originally received document as well as rules
that come back from the RMS server.



Protected information on the RM-enabled 
device is protected by the use of at least 
cryptographic technique. 

The rule governing the document works



said protected processing environment
including hardware or software used for
applying said first secure container rule and a
second secure container rule in combination to
at least in part govern at least one aspect of
access to or use of a governed item contained
in a secure container; and



hardware or software used for transmission of 
secure containers to other apparatuses or for 
the receipt of secure containers from other 
apparatuses. 



together with an additional rule to determine
what access to or use (if any) are allowed with
respect to the IRM-governed document. For
example, the additional rule may be associated
with an email to which the document was
attached, or received together with the rule in
the use license.



The device includes hardware or software used
for transmitting or receiving secure documents.
For example, RM-enabled OUTLOOK is
designed to transmit and receive to/from other
devices emails with DRM-governed documents
attached thereto.

A system including:



a first apparatus including,
user controls,
a communications port,
a processor,
a memory storing:



a first secure container containing a governed 
item, the first secure container governed item
being at least in part encrypted; 



a first secure container rule at least in part 
governing an aspect of access to or use of said 
first secure container governed item; and 



a second secure container containing a digital 
certificate; 



Infringing products include Office 2003 and
included applications, and Server 2003,
including Microsoft hosted RMS Service using
Passport



A device with user controls, a communications
port, a processor and memory. For example,
the user controls may be a keyboard and
mouse, the communications port may be a NIC
card with an Ethernet port, the processor may
be a CPU, and the memory may be a hard-drive
or RAM.



The first secure container containing a 
governed item is an IRM protected email.

Both the email and attachment are IRM 
protected, each having their own rules, each 
being encrypted. 



The rule governing the email (a first secure 
container rule) governs said first secure 
container governed item.

hardware or software used for receiving and
opening secure containers,

said secure containers each including the
capacity to contain a governed item, a secure
container rule being associated with each of
said secure containers:



a protected processing environment at least in
part protecting information contained in said
protected processing environment from
tampering by a user of said first apparatus,

said protected processing environment
including hardware or software used for



The second secure container is the IRM 
protected attachment's derived license request
object.

The license request object contains the 
Publishing license and a signed digital 
certificate. 



The RM (IRM) enabled computer has software 
for receiving and opening secure containers. 

The IRM secure containers have capacity to 
contain a governed item, with a secure 
container rule being associated with each of 
said secure containers. 



Protected information on the RM-enabled
computer is protected by the use of at least 
cryptographic techniques. 



The rules governing the email itself (first

applying said first secure container rule and a
second secure container rule in combination to
at least in part govern at least one aspect of
access to or use of a governed item contained
in a secure container: and


secure container rule) and the rules governing
the attachment work together to determine what
access to or use (if any) will be allowed with
respect to the governed item.


hardware or software used for transmission of 
secure containers to other apparatuses or for 
the receipt of secure containers from other 
apparatuses. 


IRM-enabled applications, e.g., OUTLOOK,
are designed to transmit and receive RM
secured containers to/from other computers.



Infringing products include Office 2003 and
included applications, and Server 2003,

including Microsoft hosted RMS Service using
Passport


A system including:

user controls,
a communications port,
a processor,
a memory, storing:



port, a processor and memory. For example,
the user controls may be a keyboard and
mouse, the communications port may be a NIC
card with an Ethernet port, the processor may
be a CPU, and the memory may be a hard-drive
or RAM.



a first secure container containing a governed 
item, the first secure container governed item
being at least in part encrypted; 



a first secure container rule at least in part 
governing an aspect of access to or use of said 
first secure container governed item: and 



The first secure container containing a
governed item is an IRM protected document,
which is an attachment within an IRM
protected email message. The governed item is
the document's content.

Both the email message and attachment are
encrypted and have associated usage rules due
to IRM protection.



a second secure container containing a digital 
certificate; 



A use license for the IRM protected document
specifies rules governing access to or use of
said first secure container governed item.



hardware or software used for receiving and
opening secure containers,

said secure containers each including the
capacity to contain a governed item, a secure
container rule being associated with each of
said secure containers:



The second secure container is the IRM 
protected email message. 

The IRM protected attachment includes a 
publishing license and an owner certificate, 
both of which are signed XrML digital
certificates. 

The attachment (including embedded 
certificates) is contained within the IRM 
protected email message (said second secure 
container). 



The RM (IRM) enabled computer has software 
for receiving and opening secure containers. 

The IRM secure containers have capacity to 
contain a governed item, with a secure 
container rule being associated with each of 
said secure containers.



a protected processing environment at least in 
part protecting information contained in said
protected processing environment from 



Protected information on the RM-enabled
computer is protected by the use of at least
cryptographic techniques.

tampering by a user of said first apparatus,

said protected processing environment
including hardware or software used for
applying said first secure container rule and a
second secure container rule in combination to
at least in part govern at least one aspect of
access to or use of a governed item contained
in a secure container; and



hardware or software used for transmission of 
secure containers to other apparatuses or for 
the receipt of secure containers from other 
apparatuses.



4. A system as in claim 3,



said memory storing a rule associated with
said second secure container, said rule
associated with said second secure container at
least in part governing at least one aspect of
access to or use of said digital certificate.



The rules governing the attachment (first secure
container rule) and the rules governing the
email message (second secure container rule)
work together to determine what access to or
use (if any) will be allowed with respect to the
governed item.



RM-enabled applications, e.g., OUTLOOK, are
designed to transmit and receive RM secured
containers to/from other computers.



All parts of the attachment (including
embedded signed XrML licenses/certificates)
are protected by the enclosing email message
and governed by the associated email rules
(second secure container rule).

CLAIM LANGUAGE



A system including:






a first apparatus including, 
user controls, 
a communications port,
a processor, 
a memory storing 



a first secure container containing a governed 
item, the first secure container governed item 
being at least in part encrypted; 



a first secure container rule at least in part 
governing an aspect of access to or use of said 
first secure container governed item; and 



a second secure container containing a digital
signature, the second secure container being
different from said first secure container;



CLAIM OF INFRINGEMENT 



Infringing products include Office 2003 and 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using 
Passport 



A device with user controls, a communications
port, a processor and memory. For example,
the user controls may be a keyboard and
mouse, the communications port may be a NIC
card with an Ethernet port, the processor may
be a CPU, and the memory may be a hard-drive
or RAM.



first secure container containing a governed 
item is an IRM protected email. 

Both the email and attachment are IRM 
protected, each having their own rules, each 
being encrypted. 



The rule governing the email (a first secure 
container rule) governs said first secure 
container governed item. 



The second secure container is the IRM 
protected attachment's derived license request 
object. 

The license request object contains the 
Publishing license and a signed digital 
certificate. 



hardware or software used for receiving and 
opening secure containers, said secure 
containers each including the capacity to 
contain a governed item, a secure container 
rule being associated with each of said secure 
containers; 






a protected processing environment at least in 
part protecting information contained in said 
protected processing environment from 
tampering by a user of said first apparatus, 

said protected processing environment 
including hardware or software used for 
applying said first secure container rule and a



The RM (IRM) enabled computer has software 
for receiving and opening secure containers. 

The IRM secure containers have capacity to 
contain a governed item, with a secure 
container rule being associated with each of 
said secure containers.



Protected information on the RM-enabled 
computer is protected by the use of at least
cryptographic techniques. 



The rules governing the email itself (first
secure container rule) and the rules governing



second secure container rule in combination to
at least in part govern at least one aspect of
access to or use of a governed item contained
in a secure container; and



hardware or software used for transmission of
secure containers to other apparatuses or for
the receipt of secure containers from other
apparatuses.



the attachment will work together to determine 
what access to or use (if any) will be allowed 
with respect to the governed item.



RM-enabled applications, e.g., OUTLOOK, are 
designed to transmit and receive RM secured 
containers to/from other computers.

Infringing products include Office 2003 and
included applications, and Server 2003,
including Microsoft hosted RMS Service using
Passport



A system including:



a first apparatus including,
user controls,
a communications port,
a processor,

a memory storing:



A device with user controls, a communications
port, a processor and memory. For example,
the user controls may be a keyboard and
mouse, the communications port may be a NIC
card with an Ethernet port, the processor may
be a CPU, and the memory may be a hard-drive
or RAM.



a first secure container containing a governed
item, the first secure container governed item
being at least in part encrypted;



first secure container containing a governed 
item is an IRM protected email.

Both the email and attachment are IRM 
protected, each having their own rules, each 
being encrypted. 



a first secure container rule at least in part
governing an aspect of access to or use of said
first secure container governed item; and



The rule governing the email (a first secure 
container rule) governs said first secure 
container governed item. 



a second secure container containing a digital
signature, the second secure container being
different from said first secure container;



The second secure container is the IRM email 
attachment 

This attachment and its publishing license are 
signed. 



hardware or software used for receiving and
opening secure containers, said secure
containers each including the capacity to
contain a governed item, a secure container
rule being associated with each of said secure
containers;



a protected processing environment at least in
part protecting information contained in said
protected processing environment from
tampering by a user of said first apparatus,

said protected processing environment
including hardware or software used for
applying said first secure container rule and a



The RM (IRM) enabled computer has software
for receiving and opening secure containers.

The IRM secure containers have capacity to
contain a governed item, with a secure
container rule being associated with each of
said secure containers.



Protected information on the RM-enabled
computer is protected by the use of at least
cryptographic techniques.



The rules governing the email itself (first
secure container rule) and the rules governing






second secure container rule in combination to
at least in part govern at least one aspect of
access to or use of a governed item contained
in a secure container: and



hardware or software used for transmission of
secure containers to other apparatuses or for
the receipt of secure containers from other
apparatuses.



the attachment work together to determine what
access to or use (if any) will be allowed with
respect to the governed item.



RM-enabled applications, e.g., OUTLOOK, are
designed to transmit and receive RM secured
containers to/from other computers.

A system including



a first apparatus including, 
user controls,
a communications port,
a processor, 



a memory storing: 



a first secure container containing a governed 
item, the first secure container governed item
being at least in part encrypted; 



Infringing products include Office 2003 and
included applications, and Server 2003,
including Microsoft hosted RMS Service using
Passport



A device with user controls, a communications
port, a processor and memory. For example,
the user controls may be a keyboard and
mouse, the communications port may be a NIC
card with an Ethernet port, the processor may
be a CPU, and the memory may be a hard-drive
or RAM.






a first secure container rule at least in part
governing an aspect of access to or use of said
first secure container governed item: and



a second secure container containing a digital 
signature, the second secure container being 
different from said first secure container; 



The first secure container containing a
governed item is an IRM protected document
which is an attachment within an IRM
protected email message. The governed item is
the document's content.

Both the email message and attachment are
encrypted and have associated usage rules due
to IRM protection.



A use license for the IRM protected document 
specifies rules governing access to or use of 
said first secure container governed item



hardware or software used for receiving and 
opening secure containers, said secure 
containers each including the capacity to 
contain a governed item, a secure container 
rule being associated with each of said secure 
containers; 



a protected processing environment at least in
part protecting information contained in said



The second secure container is the IRM
protected email message.

The IRM protected attachment includes a
publishing license and an owner certificate,
both of which are signed XrML digital
certificates.

The attachment (including embedded
certificates) is contained within the IRM
protected email message (said second secure
container).



The RM (IRM) enabled computer has software
for receiving and opening secure containers.

The IRM secure containers have capacity to
contain a governed item, with a secure
container rule being associated with each of
said secure containers.



Protected information on the RM-enabled
computer is protected by the use of at least

protected processing environment from
tampering by a user of said first apparatus,

said protected processing environment
including hardware or software used for
applying said first secure container rule and a
second secure container rule in combination to
at least in part govern at least one aspect of
access to or use of a governed item contained
in a secure container: and
hardware or software used for transmission of
secure containers to other apparatuses or for
the receipt of secure containers from other
apparatuses.

6. A system as in claim 5,

said memory storing a rule at least in part
governing an aspect of access to or use of said
digital signature.

cryptographic techniques.



The rules governing the attachment (first secure
container rule) and the rules governing the
email message (second secure container rule)
work together to determine what access to or
use (if any) will be allowed with respect to the
governed item.

RM-enabled applications, e.g., OUTLOOK, are
designed to transmit and receive RM secured
containers to/from other computers.



All parts of the attachment (including
embedded signed XrML licenses/certificates)
are protected by the enclosing email message
and governed by the associated email rules
(second secure container rule).

A system including:



a first apparatus including,
user controls, 
a communications port, 
a processor, 

a memory containing a first rule, 



hardware or software used for receiving and 
opening secure containers, 

said secure containers each including the 
capacity to contain a governed item, a secure 
container rule being associated with each of 
said secure containers: 



a protected processing environment at least in 
part protecting information contained in said 
protected processing environment from 
tampering by a user of said first apparatus, 

said protected processing environment 
including hardware or software used for 
applying said first rule and a secure container 
rule in combination to at least in part govern at 
least one aspect of access to or use of a 
governed item; and 




Infringing products include Office 2003 and
included applications, and Server 2003,
including Microsoft hosted RMS Service using
Passport



A device with user controls, a communications
port, a processor, and memory. For example,
the user controls may be a keyboard and
mouse, the communications port may be a NIC
card with an Ethernet port, the processor may
be a CPU, and the memory may be a hard-drive
or RAM.

The first rule governs use of an IRM protected
document (e.g., an IRM rule permitting a
document to be read by specified users or
barring access to IRM-governed information
from specified users, applications, or other
principals).



The RM-enabled device contains hardware or 
software for receiving and opening secure 
containers. 

The secure email has the capacity to contain an 
IRM-governed email message, with a rule
being associated with each email. 



hardware or software used for transmission of



Protected information on the RM-enabled 
device is protected by the use of at least 
cryptographic techniques. 

The secure container rule is an IRM rule 
governing access to the IRM protected 
document (e.g., a rule permitting editing by
specified users). 

The rule governing the email works together
with an additional rule to determine what
access to or use (if any) are allowed with
respect to the IRM-governed email message
(the document's content). For example, the
additional rule may be received together with
the rule in the use license, may be associated
with a publishing license, may be associated
with user certification, revocation lists, or
exclusion policies, or may be received from
any other source.



The device includes hardware or software used